Important: gnupg2

2018-08-08T16:34:00
ID ALAS2-2018-1045
Type amazon
Reporter Amazon
Modified 2018-08-08T16:34:00

Description

Issue Overview:

A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output.(CVE-2018-12020 __)

Affected Packages:

gnupg2

Issue Correction:
Run yum update gnupg2 to update your system.

New Packages:

i686:  
    gnupg2-2.0.22-5.amzn2.0.2.i686  
    gnupg2-smime-2.0.22-5.amzn2.0.2.i686  
    gnupg2-debuginfo-2.0.22-5.amzn2.0.2.i686

src:  
    gnupg2-2.0.22-5.amzn2.0.2.src

x86_64:  
    gnupg2-2.0.22-5.amzn2.0.2.x86_64  
    gnupg2-smime-2.0.22-5.amzn2.0.2.x86_64  
    gnupg2-debuginfo-2.0.22-5.amzn2.0.2.x86_64