Fedora 36 gnupg2 Security Fix for CVE-2022-34903 Critical Issue

GnuPG is GNU's tool for secure communication and data storage. It can

be used to encrypt data and to create digital signatures. It includes

an advanced key management facility and is compliant with the proposed

OpenPGP Internet standard as described in RFC2440 and the S/MIME

standard as described by several RFCs.

GnuPG 2.0 is a newer version of GnuPG with additional support for

S/MIME. It has a different design philosophy that splits

functionality up into several modules. The S/MIME and smartcard functionality

is provided by the gnupg2-smime package.

Fix for CVE-2022-34903 (#2103242)

* Mon Jul 4 2022 Jakub Jelen - 2.3.6-2

- Fix for CVE-2022-34903 (#2103242)

- Fix focing AEAD through configuration files (#2093760)

[ 1 ] Bug #2103242 - Status line injection via long notation name

https://bugzilla.redhat.com/show_bug.cgi?id=2103242

su -c 'dnf upgrade --advisory FEDORA-2022-aa14d396dd' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure