SUSE-SU-2018:1698-2

Опубликовано: 18 окт. 2018

Источник: suse-cvrf

Описание

Security update for gpg2

This update for gpg2 fixes the following security issue:

CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the '--status-fd 2' option (bsc#1096745)

Список пакетов

SUSE Linux Enterprise Server 12 SP2-BCL

gpg2-2.0.24-9.3.1

gpg2-lang-2.0.24-9.3.1

Ссылки

https://www.suse.com/support/update/announcement/2018/suse-su-20181698-2/
Link for SUSE-SU-2018:1698-2
https://lists.suse.com/pipermail/sle-security-updates/2018-October/004689.html
E-Mail link for SUSE-SU-2018:1698-2
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1096745
SUSE Bug 1096745
https://www.suse.com/security/cve/CVE-2018-12020/
SUSE CVE CVE-2018-12020 page

Описание

mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP2-BCL:gpg2-2.0.24-9.3.1

SUSE Linux Enterprise Server 12 SP2-BCL:gpg2-lang-2.0.24-9.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-12020.html
CVE-2018-12020
https://bugzilla.suse.com/1096745
SUSE Bug 1096745
https://bugzilla.suse.com/1101134
SUSE Bug 1101134

SUSE-SU-2018:1698-2

Описание

Список пакетов

SUSE Linux Enterprise Server 12 SP2-BCL

Ссылки

Уязвимость: CVE-2018-12020

Описание

Затронутые продукты

Ссылки