advisories/24178.adv

type: security
subject: Updated gnupg2 packages fix security vulnerability
CVE:
 - CVE-2018-1000858
src:
  6:
   core:
     - gnupg2-2.1.21-3.2.mga6
description: |
  GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF)
  vulnerability in dirmngr that can result in Attacker controlled CSRF,
  Information Disclosure, DoS. This attack appear to be exploitable via
  Victim must perform a WKD request, e.g. enter an email address in the
  composer window of Thunderbird/Enigmail. This vulnerability appears to
  have been fixed in after commit 4a4bb874f63741026bd26264c43bb32b1099f060.
  (CVE-2018-1000858)
references:
 - https://bugs.mageia.org/show_bug.cgi?id=24178
 - https://usn.ubuntu.com/3853-1/
 - https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00009.html
ID: MGASA-2019-0108
1	type: security
2	subject: Updated gnupg2 packages fix security vulnerability
3	CVE:
4	- CVE-2018-1000858
5	src:
6	6:
7	core:
8	- gnupg2-2.1.21-3.2.mga6
9	description: \|
10	GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF)
11	vulnerability in dirmngr that can result in Attacker controlled CSRF,
12	Information Disclosure, DoS. This attack appear to be exploitable via
13	Victim must perform a WKD request, e.g. enter an email address in the
14	composer window of Thunderbird/Enigmail. This vulnerability appears to
15	have been fixed in after commit 4a4bb874f63741026bd26264c43bb32b1099f060.
16	(CVE-2018-1000858)
17	references:
18	- https://bugs.mageia.org/show_bug.cgi?id=24178
19	- https://usn.ubuntu.com/3853-1/
20	- https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00009.html
21	ID: MGASA-2019-0108