Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Mageia 7 gnuPG2 Update: MGASA-2019-0348 Critical SHA-1 Fix

mageia
Calendar Grey November 30, 2019
Dist Mageia Esm H88
Update MGASA-2019-0349 addresses vulnerabilities in openssl regarding certificate validation. The amendments enhance cryptographic security by disabling weak ciphers and algorithms.
gnupg2 is updated to 2.2.18 and fix security vulnerability: Web of Trust forgeries using collisions in SHA-1 signatures (CVE-2019-14855) * Note that this change removes all SHA-1 ...

Summary

gnupg2 is updated to 2.2.18 and fix security vulnerability:
Web of Trust forgeries using collisions in SHA-1 signatures (CVE-2019-14855) * Note that this change removes all SHA-1 based key signature newer than 2019-01-19 from the web-of-trust. This includes all key signature created with dsa1024 keys. The new option --allow-weak-key-signatues can be used to override the new and safer behaviour.
For other fixes in this update, see the gnupg-announce reference.

References

- https://bugs.mageia.org/show_bug.cgi?id=25749

- https://lists.gnupg.org/pipermail/gnupg-announce/2019q4/000442.html

- https://www.cve.org/CVERecord?id=CVE-2019-14855

Topics%20covered

Topics Covered

security advisory update SHA-1 gnupg2 forgery Mageia Web of Trust

Resolution

SRPMS

- 7/core/gnupg2-2.2.18-1.mga7

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 30 Nov 2019
URL: https://advisories.mageia.org/MGASA-2019-0348.html
Type: security
CVE: CVE-2019-14855

Topics%20covered

Topics Covered

security advisory update SHA-1 gnupg2 forgery Mageia Web of Trust

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here