gnupg

Description: Complete and free implementation of the OpenPGP standard
Version: 2.2.23-1 [core]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1218 | 2.2.21-2 | 2.2.23-1 | Critical | Fixed | |
| AVG-943 | 2.2.5-1 | 2.2.5-2 | Low | Fixed | |
| AVG-713 | 2.2.7-1 | 2.2.8-1 | High | Fixed | FS#58931 |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2020-25125 | AVG-1218 | Critical | Yes | Arbitrary code execution | Importing an OpenPGP key having a preference list for AEAD algorithms will lead to an array overflow and thus often to a crash or other undefined behaviour.... |
| CVE-2018-12020 | AVG-713 | High | Yes | Content spoofing | A security issue has been found in gnupg before 2.2.8, leading to the possibility of faking verification status of signed content. The OpenPGP protocol... |
| CVE-2018-9234 | AVG-943 | Low | No | Insufficient validation | When using a GnuPG smartcard in 2.2.4+ with an offline master [C]ertify key, it is possible to sign the keys of others with only a [S]igning subkey present. |

Advisories

| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 07 Sep 2020 | ASA-202009-5 | AVG-1218 | Critical | arbitrary code execution |
| 11 Jun 2018 | ASA-201806-8 | AVG-713 | High | content spoofing |