--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-84fdbd021f
2018-06-18 15:14:44.815015
--------------------------------------------------------------------------------
Name : gnupg2
Product : Fedora 27
Version : 2.2.8
Release : 1.fc27
URL :
http://www.gnupg.org/
Summary : Utility for secure communication and data storage
Description :
GnuPG is GNU's tool for secure communication and data storage. It can
be used to encrypt data and to create digital signatures. It includes
an advanced key management facility and is compliant with the proposed
OpenPGP Internet standard as described in RFC2440 and the S/MIME
standard as described by several RFCs.
GnuPG 2.0 is a newer version of GnuPG with additional support for
S/MIME. It has a different design philosophy that splits
functionality up into several modules. The S/MIME and smartcard functionality
is provided by the gnupg2-smime package.
--------------------------------------------------------------------------------
Update Information:
Important security update to new upstream gnupg version 2.2.8 and libgpg-error
1.31
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 11 2018 Tom���� Mr��z <tmraz(a)redhat.com> - 2.2.8-1
- upgrade to 2.2.8 fixing CVE 2018-12020
* Wed Apr 11 2018 Tom���� Mr��z <tmraz(a)redhat.com> - 2.2.6-1
- upgrade to 2.2.6
* Fri Mar 2 2018 Tom���� Mr��z <tmraz(a)redhat.com> - 2.2.5-1
- upgrade to 2.2.5
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.2.4-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Fri Jan 12 2018 Tom���� Mr��z <tmraz(a)redhat.com> - 2.2.4-1
- upgrade to 2.2.4
* Tue Nov 21 2017 Tom���� Mr��z <tmraz(a)redhat.com> - 2.2.3-1
- upgrade to 2.2.3
* Wed Nov 8 2017 Tom���� Mr��z <tmraz(a)redhat.com> - 2.2.2-1
- upgrade to 2.2.2
* Tue Oct 3 2017 Tom���� Mr��z <tmraz(a)redhat.com> - 2.2.1-1
- upgrade to 2.2.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1589621 - CVE-2018-12020 gnupg2: Improper sanitization of filenames allows
for the display of fake status messages and the bypass of signature verification
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1589621
[ 2 ] Bug #1574487 - gnupg2-2.2.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1574487
[ 3 ] Bug #1574044 - libgpg-error-1.31 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1574044
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-84fdbd021f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------