Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2022:6602: Red Hat Security Advisory: gnupg2 security update

An update for gnupg2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-34903: gpg: Signature spoofing via status line injection
Red Hat Security Data
#vulnerability#linux#red_hat#git#ibm#sap

Synopsis

Moderate: gnupg2 security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for gnupg2 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards.

Security Fix(es):

  • gpg: Signature spoofing via status line injection (CVE-2022-34903)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

  • BZ - 2102868 - CVE-2022-34903 gpg: Signature spoofing via status line injection

Red Hat Enterprise Linux for x86_64 9

SRPM

gnupg2-2.3.3-2.el9_0.src.rpm

SHA-256: dadfc535b1b2d68b660c528e686e6e5f6d385524bdeb58bb7d9a12bdf2b186da

x86_64

gnupg2-2.3.3-2.el9_0.x86_64.rpm

SHA-256: 548533c89a879719e08d1306640998a369d712ac2d04f8f8ea862b7b7e2ce700

gnupg2-debuginfo-2.3.3-2.el9_0.x86_64.rpm

SHA-256: 5b4c157de3a0f85c90f7b2dce94d52239861bf32c10eec616b2c5c01c85e0a10

gnupg2-debuginfo-2.3.3-2.el9_0.x86_64.rpm

SHA-256: 5b4c157de3a0f85c90f7b2dce94d52239861bf32c10eec616b2c5c01c85e0a10

gnupg2-debugsource-2.3.3-2.el9_0.x86_64.rpm

SHA-256: cf74ce8b2476f7dc32578a83d0f7d7060b61c2a3fec5ad81e7da6665a6219fda

gnupg2-debugsource-2.3.3-2.el9_0.x86_64.rpm

SHA-256: cf74ce8b2476f7dc32578a83d0f7d7060b61c2a3fec5ad81e7da6665a6219fda

gnupg2-smime-2.3.3-2.el9_0.x86_64.rpm

SHA-256: 2d6f52c1b90a8cccaa88b14c6aac15380205444535b8f7edc3d6439c07466590

gnupg2-smime-debuginfo-2.3.3-2.el9_0.x86_64.rpm

SHA-256: 8004ff284038e92c7b28f1054c8617fbbd29704d61d567d955764d0910516e12

gnupg2-smime-debuginfo-2.3.3-2.el9_0.x86_64.rpm

SHA-256: 8004ff284038e92c7b28f1054c8617fbbd29704d61d567d955764d0910516e12

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0

SRPM

gnupg2-2.3.3-2.el9_0.src.rpm

SHA-256: dadfc535b1b2d68b660c528e686e6e5f6d385524bdeb58bb7d9a12bdf2b186da

x86_64

gnupg2-2.3.3-2.el9_0.x86_64.rpm

SHA-256: 548533c89a879719e08d1306640998a369d712ac2d04f8f8ea862b7b7e2ce700

gnupg2-debuginfo-2.3.3-2.el9_0.x86_64.rpm

SHA-256: 5b4c157de3a0f85c90f7b2dce94d52239861bf32c10eec616b2c5c01c85e0a10

gnupg2-debuginfo-2.3.3-2.el9_0.x86_64.rpm

SHA-256: 5b4c157de3a0f85c90f7b2dce94d52239861bf32c10eec616b2c5c01c85e0a10

gnupg2-debugsource-2.3.3-2.el9_0.x86_64.rpm

SHA-256: cf74ce8b2476f7dc32578a83d0f7d7060b61c2a3fec5ad81e7da6665a6219fda

gnupg2-debugsource-2.3.3-2.el9_0.x86_64.rpm

SHA-256: cf74ce8b2476f7dc32578a83d0f7d7060b61c2a3fec5ad81e7da6665a6219fda

gnupg2-smime-2.3.3-2.el9_0.x86_64.rpm

SHA-256: 2d6f52c1b90a8cccaa88b14c6aac15380205444535b8f7edc3d6439c07466590

gnupg2-smime-debuginfo-2.3.3-2.el9_0.x86_64.rpm

SHA-256: 8004ff284038e92c7b28f1054c8617fbbd29704d61d567d955764d0910516e12

gnupg2-smime-debuginfo-2.3.3-2.el9_0.x86_64.rpm

SHA-256: 8004ff284038e92c7b28f1054c8617fbbd29704d61d567d955764d0910516e12

Red Hat Enterprise Linux for IBM z Systems 9

SRPM

gnupg2-2.3.3-2.el9_0.src.rpm

SHA-256: dadfc535b1b2d68b660c528e686e6e5f6d385524bdeb58bb7d9a12bdf2b186da

s390x

gnupg2-2.3.3-2.el9_0.s390x.rpm

SHA-256: a97f403dd936393962f8f714b7901681f551453536ec48f4fbb11034d1110aca

gnupg2-debuginfo-2.3.3-2.el9_0.s390x.rpm

SHA-256: 751c742364fecbab020f470dfb0c87bf925aa12fb60f65047afd85a2c40abc15

gnupg2-debuginfo-2.3.3-2.el9_0.s390x.rpm

SHA-256: 751c742364fecbab020f470dfb0c87bf925aa12fb60f65047afd85a2c40abc15

gnupg2-debugsource-2.3.3-2.el9_0.s390x.rpm

SHA-256: 27285e81cd996ae36040d4802c06a1cb7a4135c5df87d164ee21b15977c48130

gnupg2-debugsource-2.3.3-2.el9_0.s390x.rpm

SHA-256: 27285e81cd996ae36040d4802c06a1cb7a4135c5df87d164ee21b15977c48130

gnupg2-smime-2.3.3-2.el9_0.s390x.rpm

SHA-256: 14edce3f090024e075f36cb91420e3a45833a6454c8e30292b6f3ab3ac42608f

gnupg2-smime-debuginfo-2.3.3-2.el9_0.s390x.rpm

SHA-256: 0207b4df0528f9a53f656ec67d6546362a83ae8f0a2bcbeadac73cd8d8c2e834

gnupg2-smime-debuginfo-2.3.3-2.el9_0.s390x.rpm

SHA-256: 0207b4df0528f9a53f656ec67d6546362a83ae8f0a2bcbeadac73cd8d8c2e834

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0

SRPM

gnupg2-2.3.3-2.el9_0.src.rpm

SHA-256: dadfc535b1b2d68b660c528e686e6e5f6d385524bdeb58bb7d9a12bdf2b186da

s390x

gnupg2-2.3.3-2.el9_0.s390x.rpm

SHA-256: a97f403dd936393962f8f714b7901681f551453536ec48f4fbb11034d1110aca

gnupg2-debuginfo-2.3.3-2.el9_0.s390x.rpm

SHA-256: 751c742364fecbab020f470dfb0c87bf925aa12fb60f65047afd85a2c40abc15

gnupg2-debuginfo-2.3.3-2.el9_0.s390x.rpm

SHA-256: 751c742364fecbab020f470dfb0c87bf925aa12fb60f65047afd85a2c40abc15

gnupg2-debugsource-2.3.3-2.el9_0.s390x.rpm

SHA-256: 27285e81cd996ae36040d4802c06a1cb7a4135c5df87d164ee21b15977c48130

gnupg2-debugsource-2.3.3-2.el9_0.s390x.rpm

SHA-256: 27285e81cd996ae36040d4802c06a1cb7a4135c5df87d164ee21b15977c48130

gnupg2-smime-2.3.3-2.el9_0.s390x.rpm

SHA-256: 14edce3f090024e075f36cb91420e3a45833a6454c8e30292b6f3ab3ac42608f

gnupg2-smime-debuginfo-2.3.3-2.el9_0.s390x.rpm

SHA-256: 0207b4df0528f9a53f656ec67d6546362a83ae8f0a2bcbeadac73cd8d8c2e834

gnupg2-smime-debuginfo-2.3.3-2.el9_0.s390x.rpm

SHA-256: 0207b4df0528f9a53f656ec67d6546362a83ae8f0a2bcbeadac73cd8d8c2e834

Red Hat Enterprise Linux for Power, little endian 9

SRPM

gnupg2-2.3.3-2.el9_0.src.rpm

SHA-256: dadfc535b1b2d68b660c528e686e6e5f6d385524bdeb58bb7d9a12bdf2b186da

ppc64le

gnupg2-2.3.3-2.el9_0.ppc64le.rpm

SHA-256: 970039a8b686ef8cd5c7d7e9d1ac78b5a167d70f79871fc2eb534271821a40b3

gnupg2-debuginfo-2.3.3-2.el9_0.ppc64le.rpm

SHA-256: 287e236dd1da77b27637da0778530befc6b14b14fc1eae6980fb2f86c4273be7

gnupg2-debuginfo-2.3.3-2.el9_0.ppc64le.rpm

SHA-256: 287e236dd1da77b27637da0778530befc6b14b14fc1eae6980fb2f86c4273be7

gnupg2-debugsource-2.3.3-2.el9_0.ppc64le.rpm

SHA-256: 07a3ecc805b319658914dc6be812b966192437ceb9933c783baa8e1f58da0feb

gnupg2-debugsource-2.3.3-2.el9_0.ppc64le.rpm

SHA-256: 07a3ecc805b319658914dc6be812b966192437ceb9933c783baa8e1f58da0feb

gnupg2-smime-2.3.3-2.el9_0.ppc64le.rpm

SHA-256: d10411048626a6c62e75c72c04b3628344550ded7651c3165b5f8e56e9cb7d32

gnupg2-smime-debuginfo-2.3.3-2.el9_0.ppc64le.rpm

SHA-256: 3eafff4a8c1c97021020a4998c4d0ed222ffac1fdfced13e343101e22f04809a

gnupg2-smime-debuginfo-2.3.3-2.el9_0.ppc64le.rpm

SHA-256: 3eafff4a8c1c97021020a4998c4d0ed222ffac1fdfced13e343101e22f04809a

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0

SRPM

gnupg2-2.3.3-2.el9_0.src.rpm

SHA-256: dadfc535b1b2d68b660c528e686e6e5f6d385524bdeb58bb7d9a12bdf2b186da

ppc64le

gnupg2-2.3.3-2.el9_0.ppc64le.rpm

SHA-256: 970039a8b686ef8cd5c7d7e9d1ac78b5a167d70f79871fc2eb534271821a40b3

gnupg2-debuginfo-2.3.3-2.el9_0.ppc64le.rpm

SHA-256: 287e236dd1da77b27637da0778530befc6b14b14fc1eae6980fb2f86c4273be7

gnupg2-debuginfo-2.3.3-2.el9_0.ppc64le.rpm

SHA-256: 287e236dd1da77b27637da0778530befc6b14b14fc1eae6980fb2f86c4273be7

gnupg2-debugsource-2.3.3-2.el9_0.ppc64le.rpm

SHA-256: 07a3ecc805b319658914dc6be812b966192437ceb9933c783baa8e1f58da0feb

gnupg2-debugsource-2.3.3-2.el9_0.ppc64le.rpm

SHA-256: 07a3ecc805b319658914dc6be812b966192437ceb9933c783baa8e1f58da0feb

gnupg2-smime-2.3.3-2.el9_0.ppc64le.rpm

SHA-256: d10411048626a6c62e75c72c04b3628344550ded7651c3165b5f8e56e9cb7d32

gnupg2-smime-debuginfo-2.3.3-2.el9_0.ppc64le.rpm

SHA-256: 3eafff4a8c1c97021020a4998c4d0ed222ffac1fdfced13e343101e22f04809a

gnupg2-smime-debuginfo-2.3.3-2.el9_0.ppc64le.rpm

SHA-256: 3eafff4a8c1c97021020a4998c4d0ed222ffac1fdfced13e343101e22f04809a

Red Hat Enterprise Linux for ARM 64 9

SRPM

gnupg2-2.3.3-2.el9_0.src.rpm

SHA-256: dadfc535b1b2d68b660c528e686e6e5f6d385524bdeb58bb7d9a12bdf2b186da

aarch64

gnupg2-2.3.3-2.el9_0.aarch64.rpm

SHA-256: 45b9897304460903da19a08904b76baed3fb1f832ffd09364701981d276cb5e8

gnupg2-debuginfo-2.3.3-2.el9_0.aarch64.rpm

SHA-256: 926376a5e3d35c970067e84ab383496a38cfc62260ce31ee50b5a54b7ba4af3b

gnupg2-debuginfo-2.3.3-2.el9_0.aarch64.rpm

SHA-256: 926376a5e3d35c970067e84ab383496a38cfc62260ce31ee50b5a54b7ba4af3b

gnupg2-debugsource-2.3.3-2.el9_0.aarch64.rpm

SHA-256: 913cf6bbf5d78f9d1df5362ba5f1dbec82d3281e118c52e9adb01b2a020e3d51

gnupg2-debugsource-2.3.3-2.el9_0.aarch64.rpm

SHA-256: 913cf6bbf5d78f9d1df5362ba5f1dbec82d3281e118c52e9adb01b2a020e3d51

gnupg2-smime-2.3.3-2.el9_0.aarch64.rpm

SHA-256: 5a9c82493769c877b82ffa363345994ff352a4ef689d7789b53db05c61592376

gnupg2-smime-debuginfo-2.3.3-2.el9_0.aarch64.rpm

SHA-256: 2a43fb6e280316e61cc779569ca296e8088098ec6642b0c6b2386bb98189587e

gnupg2-smime-debuginfo-2.3.3-2.el9_0.aarch64.rpm

SHA-256: 2a43fb6e280316e61cc779569ca296e8088098ec6642b0c6b2386bb98189587e

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0

SRPM

gnupg2-2.3.3-2.el9_0.src.rpm

SHA-256: dadfc535b1b2d68b660c528e686e6e5f6d385524bdeb58bb7d9a12bdf2b186da

aarch64

gnupg2-2.3.3-2.el9_0.aarch64.rpm

SHA-256: 45b9897304460903da19a08904b76baed3fb1f832ffd09364701981d276cb5e8

gnupg2-debuginfo-2.3.3-2.el9_0.aarch64.rpm

SHA-256: 926376a5e3d35c970067e84ab383496a38cfc62260ce31ee50b5a54b7ba4af3b

gnupg2-debuginfo-2.3.3-2.el9_0.aarch64.rpm

SHA-256: 926376a5e3d35c970067e84ab383496a38cfc62260ce31ee50b5a54b7ba4af3b

gnupg2-debugsource-2.3.3-2.el9_0.aarch64.rpm

SHA-256: 913cf6bbf5d78f9d1df5362ba5f1dbec82d3281e118c52e9adb01b2a020e3d51

gnupg2-debugsource-2.3.3-2.el9_0.aarch64.rpm

SHA-256: 913cf6bbf5d78f9d1df5362ba5f1dbec82d3281e118c52e9adb01b2a020e3d51

gnupg2-smime-2.3.3-2.el9_0.aarch64.rpm

SHA-256: 5a9c82493769c877b82ffa363345994ff352a4ef689d7789b53db05c61592376

gnupg2-smime-debuginfo-2.3.3-2.el9_0.aarch64.rpm

SHA-256: 2a43fb6e280316e61cc779569ca296e8088098ec6642b0c6b2386bb98189587e

gnupg2-smime-debuginfo-2.3.3-2.el9_0.aarch64.rpm

SHA-256: 2a43fb6e280316e61cc779569ca296e8088098ec6642b0c6b2386bb98189587e

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0

SRPM

gnupg2-2.3.3-2.el9_0.src.rpm

SHA-256: dadfc535b1b2d68b660c528e686e6e5f6d385524bdeb58bb7d9a12bdf2b186da

ppc64le

gnupg2-2.3.3-2.el9_0.ppc64le.rpm

SHA-256: 970039a8b686ef8cd5c7d7e9d1ac78b5a167d70f79871fc2eb534271821a40b3

gnupg2-debuginfo-2.3.3-2.el9_0.ppc64le.rpm

SHA-256: 287e236dd1da77b27637da0778530befc6b14b14fc1eae6980fb2f86c4273be7

gnupg2-debuginfo-2.3.3-2.el9_0.ppc64le.rpm

SHA-256: 287e236dd1da77b27637da0778530befc6b14b14fc1eae6980fb2f86c4273be7

gnupg2-debugsource-2.3.3-2.el9_0.ppc64le.rpm

SHA-256: 07a3ecc805b319658914dc6be812b966192437ceb9933c783baa8e1f58da0feb

gnupg2-debugsource-2.3.3-2.el9_0.ppc64le.rpm

SHA-256: 07a3ecc805b319658914dc6be812b966192437ceb9933c783baa8e1f58da0feb

gnupg2-smime-2.3.3-2.el9_0.ppc64le.rpm

SHA-256: d10411048626a6c62e75c72c04b3628344550ded7651c3165b5f8e56e9cb7d32

gnupg2-smime-debuginfo-2.3.3-2.el9_0.ppc64le.rpm

SHA-256: 3eafff4a8c1c97021020a4998c4d0ed222ffac1fdfced13e343101e22f04809a

gnupg2-smime-debuginfo-2.3.3-2.el9_0.ppc64le.rpm

SHA-256: 3eafff4a8c1c97021020a4998c4d0ed222ffac1fdfced13e343101e22f04809a

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM

gnupg2-2.3.3-2.el9_0.src.rpm

SHA-256: dadfc535b1b2d68b660c528e686e6e5f6d385524bdeb58bb7d9a12bdf2b186da

x86_64

gnupg2-2.3.3-2.el9_0.x86_64.rpm

SHA-256: 548533c89a879719e08d1306640998a369d712ac2d04f8f8ea862b7b7e2ce700

gnupg2-debuginfo-2.3.3-2.el9_0.x86_64.rpm

SHA-256: 5b4c157de3a0f85c90f7b2dce94d52239861bf32c10eec616b2c5c01c85e0a10

gnupg2-debuginfo-2.3.3-2.el9_0.x86_64.rpm

SHA-256: 5b4c157de3a0f85c90f7b2dce94d52239861bf32c10eec616b2c5c01c85e0a10

gnupg2-debugsource-2.3.3-2.el9_0.x86_64.rpm

SHA-256: cf74ce8b2476f7dc32578a83d0f7d7060b61c2a3fec5ad81e7da6665a6219fda

gnupg2-debugsource-2.3.3-2.el9_0.x86_64.rpm

SHA-256: cf74ce8b2476f7dc32578a83d0f7d7060b61c2a3fec5ad81e7da6665a6219fda

gnupg2-smime-2.3.3-2.el9_0.x86_64.rpm

SHA-256: 2d6f52c1b90a8cccaa88b14c6aac15380205444535b8f7edc3d6439c07466590

gnupg2-smime-debuginfo-2.3.3-2.el9_0.x86_64.rpm

SHA-256: 8004ff284038e92c7b28f1054c8617fbbd29704d61d567d955764d0910516e12

gnupg2-smime-debuginfo-2.3.3-2.el9_0.x86_64.rpm

SHA-256: 8004ff284038e92c7b28f1054c8617fbbd29704d61d567d955764d0910516e12

Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0

SRPM

gnupg2-2.3.3-2.el9_0.src.rpm

SHA-256: dadfc535b1b2d68b660c528e686e6e5f6d385524bdeb58bb7d9a12bdf2b186da

aarch64

gnupg2-2.3.3-2.el9_0.aarch64.rpm

SHA-256: 45b9897304460903da19a08904b76baed3fb1f832ffd09364701981d276cb5e8

gnupg2-debuginfo-2.3.3-2.el9_0.aarch64.rpm

SHA-256: 926376a5e3d35c970067e84ab383496a38cfc62260ce31ee50b5a54b7ba4af3b

gnupg2-debuginfo-2.3.3-2.el9_0.aarch64.rpm

SHA-256: 926376a5e3d35c970067e84ab383496a38cfc62260ce31ee50b5a54b7ba4af3b

gnupg2-debugsource-2.3.3-2.el9_0.aarch64.rpm

SHA-256: 913cf6bbf5d78f9d1df5362ba5f1dbec82d3281e118c52e9adb01b2a020e3d51

gnupg2-debugsource-2.3.3-2.el9_0.aarch64.rpm

SHA-256: 913cf6bbf5d78f9d1df5362ba5f1dbec82d3281e118c52e9adb01b2a020e3d51

gnupg2-smime-2.3.3-2.el9_0.aarch64.rpm

SHA-256: 5a9c82493769c877b82ffa363345994ff352a4ef689d7789b53db05c61592376

gnupg2-smime-debuginfo-2.3.3-2.el9_0.aarch64.rpm

SHA-256: 2a43fb6e280316e61cc779569ca296e8088098ec6642b0c6b2386bb98189587e

gnupg2-smime-debuginfo-2.3.3-2.el9_0.aarch64.rpm

SHA-256: 2a43fb6e280316e61cc779569ca296e8088098ec6642b0c6b2386bb98189587e

Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0

SRPM

gnupg2-2.3.3-2.el9_0.src.rpm

SHA-256: dadfc535b1b2d68b660c528e686e6e5f6d385524bdeb58bb7d9a12bdf2b186da

s390x

gnupg2-2.3.3-2.el9_0.s390x.rpm

SHA-256: a97f403dd936393962f8f714b7901681f551453536ec48f4fbb11034d1110aca

gnupg2-debuginfo-2.3.3-2.el9_0.s390x.rpm

SHA-256: 751c742364fecbab020f470dfb0c87bf925aa12fb60f65047afd85a2c40abc15

gnupg2-debuginfo-2.3.3-2.el9_0.s390x.rpm

SHA-256: 751c742364fecbab020f470dfb0c87bf925aa12fb60f65047afd85a2c40abc15

gnupg2-debugsource-2.3.3-2.el9_0.s390x.rpm

SHA-256: 27285e81cd996ae36040d4802c06a1cb7a4135c5df87d164ee21b15977c48130

gnupg2-debugsource-2.3.3-2.el9_0.s390x.rpm

SHA-256: 27285e81cd996ae36040d4802c06a1cb7a4135c5df87d164ee21b15977c48130

gnupg2-smime-2.3.3-2.el9_0.s390x.rpm

SHA-256: 14edce3f090024e075f36cb91420e3a45833a6454c8e30292b6f3ab3ac42608f

gnupg2-smime-debuginfo-2.3.3-2.el9_0.s390x.rpm

SHA-256: 0207b4df0528f9a53f656ec67d6546362a83ae8f0a2bcbeadac73cd8d8c2e834

gnupg2-smime-debuginfo-2.3.3-2.el9_0.s390x.rpm

SHA-256: 0207b4df0528f9a53f656ec67d6546362a83ae8f0a2bcbeadac73cd8d8c2e834

Related news

Gentoo Linux Security Advisory 202408-23

Gentoo Linux Security Advisory 202408-23 - Multiple vulnerabilities have been discovered in GnuPG, the worst of which could lead to signature spoofing. Versions greater than or equal to 2.4.4 are affected.

RHSA-2023:4053: Red Hat Security Advisory: OpenShift Container Platform 4.11.45 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.45 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21235: A flaw was found in the VCS package, caused by improper validation of user-supplied input. By using a specially-crafted argument, a remote attacker could execute arbitrary commands o...

RHSA-2023:3742: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update

Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-16250: A flaw was found in Vault and Vault Enterprise (“Vault”). In the affected versions of Vault, with the AWS Auth Method configured and under certain circumstances, the values relied upon by Vault to validate AWS IAM ident...

RHSA-2023:1326: Red Hat Security Advisory: OpenShift Container Platform 4.13.0 security update

Red Hat OpenShift Container Platform release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4235: A flaw was found in go-yaml. This issue occurs due to unbounded alias chasing, where a maliciously crafted YAML file can cause the system to consume significant system resources. If p...

RHSA-2023:0786: Red Hat Security Advisory: Network observability 1.1.0 security update

Network observability 1.1.0 release for OpenShift Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-0813: A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication.

CVE-2022-46756: DSA-2022-335: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities

Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker.

Red Hat Security Advisory 2023-0408-01

Red Hat Security Advisory 2023-0408-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include denial of service and out of bounds read vulnerabilities.

Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs

Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]

Red Hat Security Advisory 2022-8889-01

Red Hat Security Advisory 2022-8889-01 - This is an Openshift Logging bug fix release. Issues addressed include a denial of service vulnerability.

RHSA-2022:8781: Red Hat Security Advisory: Logging Subsystem 5.5.5 - Red Hat OpenShift security update

Logging Subsystem 5.5.5 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36518: jackson-databind: denial of service via a large depth of nested objects * CVE-2022-2879: golang: archive/tar: unbounded memory consumption when reading headers * CVE-2022-2880: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters * CVE-2022-27664: golang: net/http: handle server errors after sending GOAWAY * CVE-2022-32189: golang: math/b...

Red Hat Security Advisory 2022-8750-01

Red Hat Security Advisory 2022-8750-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include denial of service and out of bounds read vulnerabilities.

RHSA-2022:8634: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.1 security and bug fix update

OpenShift API for Data Protection (OADP) 1.1.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27191: golang: crash in a golang.org/x/crypto/ssh server * CVE-2022-27664: golang: net/http: handle server errors after sending GOAWAY * CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob * CVE-2022-30635: golang: encoding/gob: stack exhaustion in Decoder.Decode * CVE-2022-32190: golang: net/url: JoinPath does not strip relative path components i...

Red Hat Security Advisory 2022-7276-01

Red Hat Security Advisory 2022-7276-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.8 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include denial of service, server-side request forgery, and remote SQL injection vulnerabilities.

RHSA-2022:7313: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.2 security update and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.6.2 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2238: search-api: SQL injection leads to remote denial of service * CVE-2022-25858: terser: insecure use of regular expressions leads to ReDoS * CVE-2022-25887: sanitize-html: insecure global regular expression replacement logic may lead to ReDoS * CVE-2022-25896: passport: incorrect ses...

RHSA-2022:7276: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.8 security fixes and container updates

Red Hat Advanced Cluster Management for Kubernetes 2.4.8 General Availability release images, which fix security issues. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2238: search-api: SQL injection leads to remote denial of service * CVE-2022-25858: terser: insecure use of regular expressions leads to ReDoS * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS * CVE-2022-35948: nodejs: undici vulnerable to CRLF via content headers * CVE-2022-35949: n...

Red Hat Security Advisory 2022-7058-01

Red Hat Security Advisory 2022-7058-01 - OpenShift sandboxed containers support for OpenShift Container Platform provides users with built-in support for running Kata containers as an additional, optional runtime. This advisory contains an update for OpenShift sandboxed containers with security fixes and a bug fix. Space precludes documenting all of the updates to OpenShift sandboxed containers in this advisory. Issues addressed include a null pointer vulnerability.

Red Hat Security Advisory 2022-7055-01

Red Hat Security Advisory 2022-7055-01 - An update is now available for Red Hat Openshift distributed tracing 2.6.0. Issues addressed include denial of service and traversal vulnerabilities.

RHSA-2022:7055: Red Hat Security Advisory: RHOSDT 2.6.0 operator/operand containers Security Update

An update is now available for Red Hat Openshift distributed tracing 2.6.0 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3918: nodejs-json-schema: Prototype pollution vulnerability * CVE-2022-0536: follow-redirects: Exposure of Sensitive Information via Authorization Header leak * CVE-2022-1650: eventsource: Exposure of Sensitive Information * CVE-2022-24785: Moment.js: Path traversal in moment.locale * CVE-2022-31129: moment: inefficient parsing algorithm resulting ...

RHSA-2022:6954: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.5.3 security fixes and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.5.3 General Availability release images, which fix security issues and bugs, as well as update container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2238: search-api: SQL injection leads to remote denial of service

Red Hat Security Advisory 2022-6696-01

Red Hat Security Advisory 2022-6696-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.6 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. Issues addressed include crlf injection and denial of service vulnerabilities.

Red Hat Security Advisory 2022-6560-01

Red Hat Security Advisory 2022-6560-01 - An update is now available for OpenShift Logging 5.3.12 Red Hat Product Security has rated this update as having a security impact of Moderate.

RHSA-2022:6714: Red Hat Security Advisory: RHACS 3.72 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-29526: golang: syscall: faccessat checks wrong gr...

RHSA-2022:6696: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.6 security update and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.4.6 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS * CVE-2022-31150: nodejs16: CRLF injection in node-undici * CVE-2022-31151: nodejs/undici: Cookie headers uncleared on cross-origin redirect * CV...

RHSA-2022:6560: Red Hat Security Advisory: Openshift Logging Bug Fix Release and Security Update (5.3.12)

An update is now available for OpenShift Logging 5.3.12 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read

RHSA-2022:6536: Red Hat Security Advisory: OpenShift Container Platform 4.11.5 bug fix and security update

Red Hat OpenShift Container Platform release 4.11.5 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3121: gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation

Red Hat Security Advisory 2022-6537-01

Red Hat Security Advisory 2022-6537-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.5. Issues addressed include denial of service and out of bounds read vulnerabilities.

RHSA-2022:6537: Red Hat Security Advisory: Moderate:OpenShift Container Platform 4.11.5 security and extras update

Red Hat OpenShift Container Platform release 4.11.5 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter

Red Hat Security Advisory 2022-6463-01

Red Hat Security Advisory 2022-6463-01 - The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Issues addressed include a spoofing vulnerability.

RHSA-2022:6463: Red Hat Security Advisory: gnupg2 security update

An update for gnupg2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-34903: gpg: Signature spoofing via status line injection

Ubuntu Security Notice USN-5503-2

Ubuntu Security Notice 5503-2 - USN-5503-1 fixed a vulnerability in GnuPG. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Demi Marie Obenour discovered that GnuPG incorrectly handled injection in the status message. A remote attacker could possibly use this issue to forge signatures.

Ubuntu Security Notice USN-5503-1

Ubuntu Security Notice 5503-1 - Demi Marie Obenour discovered that GnuPG incorrectly handled injection in the status message. A remote attacker could possibly use this issue to forge signatures.