[Oraclevm-errata] OVMSA-2018-0239 Important: Oracle VM 3.3 gnupg2 security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Thu Jul 12 20:35:25 PDT 2018


Oracle VM Security Advisory OVMSA-2018-0239

The following updated rpms for Oracle VM 3.3 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
gnupg2-2.0.14-9.el6_10.x86_64.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/3.3/SRPMS-updates/gnupg2-2.0.14-9.el6_10.src.rpm



Description of changes:

[2.0.14-9]
- fix CVE-2018-12020 - missing sanitization of original filename

[2.0.14-8]
- fix aborts and default algorithms when running in FIPS mode (#1078957, 
#966493)
- add missing initialization of libgcrypt in gpgv
- properly encode s2k iteration count in gpg-agent (#638635)

[2.0.14-6]
- fix CVE-2013-4351 gpg treats no-usage-permitted keys as 
all-usages-permitted

[2.0.14-5]
- fix CVE-2012-6085 GnuPG: read_block() corrupt key input validation
- fix CVE-2013-4402 GnuPG: infinite recursion in the compressed packet 
parser




More information about the Oraclevm-errata mailing list