Описание
Security update for gpg2
This update for gpg2 fixes the following issues:
- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
Список пакетов
Container suse/ltss/sle12.5/sles12sp5:latest
gpg2-2.0.24-9.11.1
Container suse/sles12sp4:latest
gpg2-2.0.24-9.11.1
Container suse/sles12sp5:latest
gpg2-2.0.24-9.11.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
gpg2-2.0.24-9.11.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
gpg2-2.0.24-9.11.1
Image SLES12-SP5-Azure-BYOS
gpg2-2.0.24-9.11.1
Image SLES12-SP5-Azure-Basic-On-Demand
gpg2-2.0.24-9.11.1
Image SLES12-SP5-Azure-HPC-BYOS
gpg2-2.0.24-9.11.1
Image SLES12-SP5-Azure-HPC-On-Demand
gpg2-2.0.24-9.11.1
Image SLES12-SP5-Azure-SAP-BYOS
gpg2-2.0.24-9.11.1
Image SLES12-SP5-Azure-SAP-On-Demand
gpg2-2.0.24-9.11.1
Image SLES12-SP5-Azure-Standard-On-Demand
gpg2-2.0.24-9.11.1
Image SLES12-SP5-EC2-BYOS
gpg2-2.0.24-9.11.1
Image SLES12-SP5-EC2-ECS-On-Demand
gpg2-2.0.24-9.11.1
Image SLES12-SP5-EC2-On-Demand
gpg2-2.0.24-9.11.1
Image SLES12-SP5-EC2-SAP-BYOS
gpg2-2.0.24-9.11.1
Image SLES12-SP5-EC2-SAP-On-Demand
gpg2-2.0.24-9.11.1
Image SLES12-SP5-GCE-BYOS
gpg2-2.0.24-9.11.1
Image SLES12-SP5-GCE-On-Demand
gpg2-2.0.24-9.11.1
Image SLES12-SP5-GCE-SAP-BYOS
gpg2-2.0.24-9.11.1
Image SLES12-SP5-GCE-SAP-On-Demand
gpg2-2.0.24-9.11.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
gpg2-2.0.24-9.11.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
gpg2-2.0.24-9.11.1
SUSE Linux Enterprise Server 12 SP2-BCL
gpg2-2.0.24-9.11.1
gpg2-lang-2.0.24-9.11.1
SUSE Linux Enterprise Server 12 SP3-BCL
gpg2-2.0.24-9.11.1
gpg2-lang-2.0.24-9.11.1
SUSE Linux Enterprise Server 12 SP4-LTSS
gpg2-2.0.24-9.11.1
gpg2-lang-2.0.24-9.11.1
SUSE Linux Enterprise Server 12 SP5
gpg2-2.0.24-9.11.1
gpg2-lang-2.0.24-9.11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
gpg2-2.0.24-9.11.1
gpg2-lang-2.0.24-9.11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
gpg2-2.0.24-9.11.1
gpg2-lang-2.0.24-9.11.1
SUSE OpenStack Cloud 9
gpg2-2.0.24-9.11.1
gpg2-lang-2.0.24-9.11.1
SUSE OpenStack Cloud Crowbar 9
gpg2-2.0.24-9.11.1
gpg2-lang-2.0.24-9.11.1
Ссылки
- Link for SUSE-SU-2022:2529-1
- E-Mail link for SUSE-SU-2022:2529-1
- SUSE Security Ratings
- SUSE Bug 1201225
- SUSE CVE CVE-2022-34903 page
Описание
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
Затронутые продукты
Container suse/ltss/sle12.5/sles12sp5:latest:gpg2-2.0.24-9.11.1
Container suse/sles12sp4:latest:gpg2-2.0.24-9.11.1
Container suse/sles12sp5:latest:gpg2-2.0.24-9.11.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:gpg2-2.0.24-9.11.1
Ссылки
- CVE-2022-34903
- SUSE Bug 1201225