Debian Security Advisory 4224-1

Debian Security Advisory 4224-1: Posted Jun 8, 2018; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4224-1 - Marcus Brinkmann discovered that GnuGPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email.; tags | advisory; systems | linux, debian; advisories | CVE-2018-12020; SHA-256 | 48ffa2083ce23edda66107d7e98133264aff4c0af7aaa1febaa827798b766e31; Download | Favorite | View

Debian Security Advisory 4224-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4224-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 08, 2018                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : gnupg
CVE ID         : CVE-2018-12020

Marcus Brinkmann discovered that GnuGPG performed insufficient
sanitisation of file names displayed in status messages, which could be
abused to fake the verification status of a signed email.

Details can be found in the upstream advisory at
https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html

For the oldstable distribution (jessie), this problem has been fixed
in version 1.4.18-7+deb8u5.

We recommend that you upgrade your gnupg packages.

For the detailed security status of gnupg please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/gnupg

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlsa+NFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0RlwA/+PHaY6JTa53Q9gM9MMbEV9aJ3aXvl3VAvu4EC8Ei/rxZH0kIOO25aL+Yc
DsXwWmLl2FWuwLCRQ2HPsDuWLiNiuo4eAwM3pKg5vovAe4TbGLhd7VaSdTWa+PVj
3WwIgkZvOddPlR7saq48Lcc0taZAZwR1hQCS5bPDUzUhlzc2yMy+pi/oXioTvBxm
xOd4899wWcuRpfiZBss6veONbnf12zq/H3aCJshZrIGKxU8b7Fc+Oyq+QyK4B6sO
zMo134gF1M3HhjUxPjauX9keJe6/EMFHgjwQpA96JkNoKi96wWx31oBBJwHmLhRY
tl0FaXsBuQbZNWDU+QLbH6g2r90uuOsDHK9oY8SKIHN92/s1zW4pv2rbmcmHMPrV
oyabPZL10eH3wGf9NJAGhSO1vHOARdGJ2N3KL1AaIWLNfgXLt8QO+IH7OY3S04Y9
/sw89ojtrwIjcLpQ2DJ56Wd0LU/Jc0pNXUeEjkXthPD2VGKCYZm55yhDA5fKvBqo
m1BeKMN1qf64c40ZXq3uxV8xnt9yaFMXtX9FMZnigS7doiJhcCjggGZvzbIFoWLE
mhsDfST65Sbb9RE8q4V+tl14ssOFsQLhwByl3UzY89GpILU1qwnDyaQ2QgBI4Z18
oDQfpFkwka4Yy0iy8iqdi+DPN/VWBiIoC63ouO9MOU4rA8/VrNY=
=WGe/
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 300 files
Ubuntu 63 files
Debian 20 files
LiquidWorm 19 files
Apple 9 files
Gentoo 5 files
Google Security Research 4 files
Alter Prime 3 files
Chokri Hammedi 3 files
nu11secur1ty 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,928)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,326)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,981)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Debian Security Advisory 4224-1

Debian Security Advisory 4224-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 4224-1

Share This

Debian Security Advisory 4224-1

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems