Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 28 GnuPG Security Update FEDORA-2018-a4e13742b4 Moderate Threat

fedora
Calendar Grey June 20, 2018
Dist Fedora Esm H88
This update addresses gnupg issues and includes important fixes, enhancing your system's security.
- New upstream v1.4.23 (#1589802,#1589620,#1589624) - Remove patches included in upstream release - Note that this includes the fix for [CVE-2018-12020]

Summary

GnuPG (GNU Privacy Guard) is a GNU utility for encrypting data and

creating digital signatures. GnuPG has advanced key management

capabilities and is compliant with the proposed OpenPGP Internet

standard described in RFC2440. Since GnuPG doesn't use any patented

algorithm, it is not compatible with any version of PGP2 (PGP2.x uses

only IDEA for symmetric-key encryption, which is patented worldwide).

- New upstream v1.4.23 (#1589802,#1589620,#1589624) - Remove patches

included in upstream release - Note that this includes the fix

for [CVE-2018-12020]

* Fri Jun 15 2018 Brian C. Lane - 1.4.23-1

- New upstream v1.4.23 (#1589802,#1589620,#1589624)

- Remove patches included in upstream release

- Note that this includes the fix for [CVE-2018-12020]

* Fri Jun 8 2018 Brian C. Lane - 1.4.22-7

- doc Remove documentation for future option faked sys

- build Don't use dev srandom on OpenBSD

- Do not use C99 feature

- g10 Fix regexp sanitization

- g10 Push compress filter only if compressed

- gpg Sanitize diagnostic with the original file name [CVE-2018-12020]

[ 1 ] Bug #1589624 - CVE-2018-12020 gnupg: gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1589624

[ 2 ] Bug #1589802 - gnupg-1.4.23 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1589802

su -c 'dnf upgrade --advisory FEDORA-2018-a4e13742b4' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TM65JCD6SYPGZS3OXVWSM5K44DMQJKSE/

Topics%20covered

Topics Covered

security advisory security issue gnupg encryption Fedora moderate severity software fix

Change Log

References

Update Instructions

Product: Fedora 28
Version: 1.4.23
Release: 1.fc28
URL: http://www.gnupg.org/
Summary: A GNU utility for secure communication and data storage

Topics%20covered

Topics Covered

security advisory security issue gnupg encryption Fedora moderate severity software fix

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here