Описание
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | gnupg | Will not fix | ||
| Red Hat Enterprise Linux 5 | gnupg2 | Will not fix | ||
| Red Hat Enterprise Linux 6 | gnupg2 | Fix deferred | ||
| Red Hat Enterprise Linux 7 | gnupg2 | Fix deferred | ||
| Red Hat Enterprise Linux 8 | gnupg | Not affected | ||
| Red Hat Enterprise Linux 8 | gnupg2 | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
2.2 Low
CVSS3
Связанные уязвимости
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key ce ...
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.
EPSS
2.2 Low
CVSS3