Mageia 6: MGASA-2019-0108 Critical Update: GnuPG2 CSRF Risk

mageia

March 14, 2019

GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS

Summary

GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. This attack appear to be exploitable via Victim must perform a WKD request, e.g. enter an email address in the composer window of Thunderbird/Enigmail. This vulnerability appears to have been fixed in after commit 4a4bb874f63741026bd26264c43bb32b1099f060. (CVE-2018-1000858)

References

- https://bugs.mageia.org/show_bug.cgi?id=24178

- https://ubuntu.com/security/notices/USN-3853-1

- - https://www.cve.org/CVERecord?id=CVE-2018-1000858

Topics Covered

security advisory denial of service information disclosure csrf mageia

Resolution

SRPMS

- 6/core/gnupg2-2.1.21-3.2.mga6

Severity

critical

Lowest

Low

Medium

High

Critical

Publication date: 14 Mar 2019

URL: https://advisories.mageia.org/MGASA-2019-0108.html

Type: security

CVE: CVE-2018-1000858

Topics Covered

security advisory denial of service information disclosure csrf mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks