openSUSE-SU-2019:0143-1

Опубликовано: 23 мар. 2019

Источник: suse-cvrf

Описание

Security update for python-python-gnupg

This update for python-python-gnupg to version 0.4.4 fixes the following issues:

Security issue fixed:

CVE-2019-6690: Added a check to disallow certain control characters ('\r', '\n', NUL) in passphrases (boo#1123498).

Список пакетов

openSUSE Leap 15.0

python2-python-gnupg-0.4.4-lp150.2.6.1

python3-python-gnupg-0.4.4-lp150.2.6.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/APEB2TMV4R5466CPFHCDNMQ2NAKNEKRW/#APEB2TMV4R5466CPFHCDNMQ2NAKNEKRW
E-Mail link for openSUSE-SU-2019:0143-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1123498
SUSE Bug 1123498
https://www.suse.com/security/cve/CVE-2019-6690/
SUSE CVE CVE-2019-6690 page

Описание

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component.

Затронутые продукты

openSUSE Leap 15.0:python2-python-gnupg-0.4.4-lp150.2.6.1

openSUSE Leap 15.0:python3-python-gnupg-0.4.4-lp150.2.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-6690.html
CVE-2019-6690
https://bugzilla.suse.com/1123498
SUSE Bug 1123498

openSUSE-SU-2019:0143-1

Описание

Список пакетов

openSUSE Leap 15.0

Ссылки

Уязвимость: CVE-2019-6690

Описание

Затронутые продукты

Ссылки