Security update for gpg2 (important)

2018-06-16T15:13:42
ID OPENSUSE-SU-2018:1724-1
Type suse
Reporter Suse
Modified 2018-06-16T15:13:42

Description

This update for gpg2 fixes the following security issue:

  • CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option (bsc#1096745)