[Oraclevm-errata] OVMSA-2018-0239 Important: Oracle VM 3.3 gnupg2 security update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Thu Jul 12 20:35:25 PDT 2018
Oracle VM Security Advisory OVMSA-2018-0239
The following updated rpms for Oracle VM 3.3 have been uploaded to the
Unbreakable Linux Network:
x86_64:
gnupg2-2.0.14-9.el6_10.x86_64.rpm
SRPMS:
http://oss.oracle.com/oraclevm/server/3.3/SRPMS-updates/gnupg2-2.0.14-9.el6_10.src.rpm
Description of changes:
[2.0.14-9]
- fix CVE-2018-12020 - missing sanitization of original filename
[2.0.14-8]
- fix aborts and default algorithms when running in FIPS mode (#1078957,
#966493)
- add missing initialization of libgcrypt in gpgv
- properly encode s2k iteration count in gpg-agent (#638635)
[2.0.14-6]
- fix CVE-2013-4351 gpg treats no-usage-permitted keys as
all-usages-permitted
[2.0.14-5]
- fix CVE-2012-6085 GnuPG: read_block() corrupt key input validation
- fix CVE-2013-4402 GnuPG: infinite recursion in the compressed packet
parser
More information about the Oraclevm-errata
mailing list