BugTraq
[SECURITY] [DSA 4224-1] gnupg security update Jun 08 2018 09:51PM
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-4224-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Salvatore Bonaccorso
June 08, 2018 https://www.debian.org/security/faq
- ------------------------------------------------------------------------
-

Package : gnupg
CVE ID : CVE-2018-12020

Marcus Brinkmann discovered that GnuGPG performed insufficient
sanitisation of file names displayed in status messages, which could be
abused to fake the verification status of a signed email.

Details can be found in the upstream advisory at
https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html

For the oldstable distribution (jessie), this problem has been fixed
in version 1.4.18-7+deb8u5.

We recommend that you upgrade your gnupg packages.

For the detailed security status of gnupg please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/gnupg

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce (at) lists.debian (dot) org [email concealed]
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlsa+NFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0RlwA/+PHaY6JTa53Q9gM9MMbEV9aJ3aXvl3VAvu4EC8Ei/rxZH0kIOO25aL+Yc
DsXwWmLl2FWuwLCRQ2HPsDuWLiNiuo4eAwM3pKg5vovAe4TbGLhd7VaSdTWa+PVj
3WwIgkZvOddPlR7saq48Lcc0taZAZwR1hQCS5bPDUzUhlzc2yMy+pi/oXioTvBxm
xOd4899wWcuRpfiZBss6veONbnf12zq/H3aCJshZrIGKxU8b7Fc+Oyq+QyK4B6sO
zMo134gF1M3HhjUxPjauX9keJe6/EMFHgjwQpA96JkNoKi96wWx31oBBJwHmLhRY
tl0FaXsBuQbZNWDU+QLbH6g2r90uuOsDHK9oY8SKIHN92/s1zW4pv2rbmcmHMPrV
oyabPZL10eH3wGf9NJAGhSO1vHOARdGJ2N3KL1AaIWLNfgXLt8QO+IH7OY3S04Y9
/sw89ojtrwIjcLpQ2DJ56Wd0LU/Jc0pNXUeEjkXthPD2VGKCYZm55yhDA5fKvBqo
m1BeKMN1qf64c40ZXq3uxV8xnt9yaFMXtX9FMZnigS7doiJhcCjggGZvzbIFoWLE
mhsDfST65Sbb9RE8q4V+tl14ssOFsQLhwByl3UzY89GpILU1qwnDyaQ2QgBI4Z18
oDQfpFkwka4Yy0iy8iqdi+DPN/VWBiIoC63ouO9MOU4rA8/VrNY=
=WGe/
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus