Description
Security update for python-python-gnupg
This update for python-python-gnupg to version 0.4.3 fixes the following issues:
The following security vulnerabilities were addressed:
- Sanitize diagnostic output of the original file name in verbose mode (CVE-2018-12020 boo#1096745)
The following other changes were made:
- Add --no-verbose to the gpg command line, in case verbose is specified in gpg.conf.
- Add expect_passphrase password for use on GnuPG >= 2.1 when passing passphrase to gpg via pinentry
- Provide a trust_keys method to allow setting the trust level for keys
- When the gpg executable is not found, note the path used in the exception message
- Make error messages more informational
Package list
openSUSE Leap 15.0
python-python-gnupg-0.4.3-lp150.2.3.1
python2-python-gnupg-0.4.3-lp150.2.3.1
python3-python-gnupg-0.4.3-lp150.2.3.1
References
- E-Mail link for openSUSE-SU-2018:1722-1
- SUSE Security Ratings
Description
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.
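The ambiguity described above, as an added example that is not code from GnuPG or python-gnupg: a wrapper that reads status lines and diagnostics from the same stream cannot tell an echoed file name from a real status line unless control characters in the name are escaped first. The function names, the escaping scheme and all sample strings are assumptions constructed for illustration.

```python
# Added illustration; sample strings are constructed, not captured gpg output.
STATUS_PREFIX = "[GNUPG:] "
TRUST_KEYWORDS = {"GOODSIG", "VALIDSIG"}


def status_keywords(stream_text):
    """Return status keywords as a wrapper reading a mixed fd 2 stream would."""
    found = []
    for line in stream_text.split("\n"):
        if line.startswith(STATUS_PREFIX):
            fields = line[len(STATUS_PREFIX):].split()
            if fields:
                found.append(fields[0])
    return found


def sanitize_filename(name):
    """Escape control characters so the name can never begin a new line.

    Hypothetical escaping scheme (\\xNN); the real fix may format differently.
    """
    out = []
    for ch in name:
        code = ord(ch)
        out.append(ch if code >= 0x20 and code != 0x7F else "\\x%02x" % code)
    return "".join(out)


def verbose_line(name, sanitize):
    """Model the verbose diagnostic that echoes the embedded file name."""
    shown = sanitize_filename(name) if sanitize else name
    return "gpg: original file name='%s'" % shown


def claims_signature(stream_text):
    """True if the stream holds a line a wrapper would read as a good signature."""
    return any(k in TRUST_KEYWORDS for k in status_keywords(stream_text))


# Constructed file name: a line feed followed by a status-looking line.
CRAFTED_NAME = "report.txt\n[GNUPG:] GOODSIG 0000000000000000 Constructed User"
# Constructed genuine status for data that carries no signature.
GENUINE_STATUS = "[GNUPG:] DECRYPTION_OKAY\n"

unsanitized = verbose_line(CRAFTED_NAME, sanitize=False) + "\n" + GENUINE_STATUS
sanitized = verbose_line(CRAFTED_NAME, sanitize=True) + "\n" + GENUINE_STATUS

if __name__ == "__main__":
    print("unsanitized stream:", status_keywords(unsanitized))
    print("sanitized stream:  ", status_keywords(sanitized))
```

The `--no-verbose` change listed in this update addresses the same risk from the caller's side by keeping the file-name diagnostic out of the stream even when `verbose` is set in gpg.conf.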
Affected products
openSUSE Leap 15.0:python-python-gnupg-0.4.3-lp150.2.3.1
openSUSE Leap 15.0:python2-python-gnupg-0.4.3-lp150.2.3.1
openSUSE Leap 15.0:python3-python-gnupg-0.4.3-lp150.2.3.1
References
- CVE-2018-12020
- SUSE Bug 1096745
- SUSE Bug 1101134