openSUSE-SU-2018:1724-1

Published: 16 Jun 2018
Source: suse-cvrf

Description

Security update for gpg2

This update for gpg2 fixes the following security issue:

  • CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option (bsc#1096745)

Package list

openSUSE Leap 42.3
gpg2-2.0.24-9.3.1
gpg2-lang-2.0.24-9.3.1

Description

mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.


Affected products
openSUSE Leap 42.3:gpg2-2.0.24-9.3.1
openSUSE Leap 42.3:gpg2-lang-2.0.24-9.3.1

References
Vulnerability openSUSE-SU-2018:1724-1