DSA-5174-1 gnupg2 -- gnupg2ID: oval:org.secpod.oval:def:608626 | Date: (C)2022-07-06 (M)2023-02-13 |
Class: PATCH | Family: unix |
Demi Marie Obenour discovered a flaw in GnuPG, allowing for signature spoofing via arbitrary injection into the status line. An attacker who controls the secret part of any signing-capable key or subkey in the victim"s keyring, can take advantage of this flaw to provide a correctly-formed signature that some software, including gpgme, will accept to have validity and signer fingerprint chosen from the attacker.
Platform: |
Debian 10.x |
Debian 11.x |
Product: |
dirmngr |
scdaemon |
gpg |
gnupg |