Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

SUSE Security Update: 2019:0023-1 Moderate gpg2 CSRF Vulnerability

suse
Calendar Grey January 7, 2019
Dist Suse Esm H88
SUSE Security Notification for gpg2 resolves a medium-level vulnerability related to CSRF. Further information and update guidelines are provided.
An update that fixes one vulnerability is now available

Summary

This update for gpg2 fixes the following issue: Security issue fixed: - CVE-2018-1000858: Fixed a Cross Site Request Forgery(CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF (bsc#1120346). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15: zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-23=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64): gpg2-2.2.5-4.6.2 gpg2-debuginfo-2.2.5-4.6.2 gpg2-debugsource-2.2.5-4.6.2 - SUSE Linux Enterprise Module for Basesystem 15 (noarch): gpg2-lang-2.2.5-4.6.2

Topics%20covered

Topics Covered

security advisory moderate software update security fix cross-site request forgery SUSE Linux Enterprise gpg2

References

#1120346

Cross- CVE-2018-1000858

Affected Products:

SUSE Linux Enterprise Module for Basesystem 15

https://www.suse.com/security/cve/CVE-2018-1000858.html

https://bugzilla.suse.com/1120346

Announcement ID: SUSE-SU-2019:0023-1
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate software update security fix cross-site request forgery SUSE Linux Enterprise gpg2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here