Описание
Security update for gpg2
This update for gpg2 fixes the following issues:
Security issue fixed:
- CVE-2019-13050: Fixed a denial of service attacks via big keys (bsc#1141093).
Non-security issue fixed:
- Allow coredumps in X11 desktop sessions (bsc#1124847)
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
gpg2-2.2.5-lp151.6.3.1
gpg2-lang-2.2.5-lp151.6.3.1
openSUSE Leap 15.1
gpg2-2.2.5-lp151.6.3.1
gpg2-lang-2.2.5-lp151.6.3.1
Ссылки
- E-Mail link for openSUSE-SU-2019:1917-1
- SUSE Security Ratings
- SUSE Bug 1124847
- SUSE Bug 1141093
- SUSE CVE CVE-2019-13050 page
Описание
Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.
Затронутые продукты
openSUSE Leap 15.0:gpg2-2.2.5-lp151.6.3.1
openSUSE Leap 15.0:gpg2-lang-2.2.5-lp151.6.3.1
openSUSE Leap 15.1:gpg2-2.2.5-lp151.6.3.1
openSUSE Leap 15.1:gpg2-lang-2.2.5-lp151.6.3.1
Ссылки
- CVE-2019-13050
- SUSE Bug 1141093