gnupg2 security update

2018-07-13T16:56:38
ID CESA-2018:2180
Type centos
Reporter CentOS Project
Modified 2018-07-13T16:56:38

Description

CentOS Errata and Security Advisory CESA-2018:2180

The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards.

Security Fix(es):

  • gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2018-July/035004.html

Affected packages: gnupg2 gnupg2-smime

Upstream details at: