You are here
Home > Preporuke > Ispravak sigurnosne zakrpe za programski paket gnupg

Ispravak sigurnosne zakrpe za programski paket gnupg

by Marina Dimic Vugec - 0

==========================================================================
Ubuntu Security Notice USN-3675-3
June 18, 2018

gnupg vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 ESM

Summary:

GnuPG could be made to incorrectly interpret the status of the
cryptographic operation if it received specially crafted file.

Software Description:
– gnupg: GNU privacy guard – a free PGP replacement

Details:

USN-3675-1 fixed a vulnerability in GnuPG. This update provides
the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

Marcus Brinkmann discovered that during decryption or verification,
GnuPG did not properly filter out terminal sequences when reporting
the original filename. An attacker could use this to specially craft a
file that would cause an application parsing GnuPG output to
incorrectly interpret the status of the cryptographic operation
reported by GnuPG. (CVE-2018-12020)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
gnupg                           1.4.11-3ubuntu2.11

In general, a standard system update will make all the necessary
changes.

References:
https://usn.ubuntu.com/usn/usn-3675-3
https://usn.ubuntu.com/usn/usn-3675-1
CVE-2018-12020—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJbJ79vAAoJEEW851uECx9pcKMP/3rnu4Q6kRsVjUVKlFpihN7T
M5Q8KZmgvGbbPLsnvHnCN8MZw+rhDYI9B50CMd2SemfgQ6X/z/Is4rk5XT/Vrqs4
iWuFGLcyiiN4ElNuvVAm8CxtkoFulnEUkWjPC5mVolxKkEpftPU85/bVhexUnUkX
PhhqGrK9OkXFoxJ/sUylBKApYVj1Z2r5iDivWuXa/otMPdCdnr3PhqHgLmmvN6mm
8se2Vcd3/j1pEJyFGAUYw5rxqq26lGPcelGG2UH9eNSTGALIgUU5bfj2uFMXR0Sb
pV6W8yGvY2aYuwxKFBRc/rUK6BrFAtFMkc3KzKIIoimYNijn026a+TOwjcCP0PVx
rpC8yLvzcZA8NqtA7TWhPizlqlhDLHlpIRVRpCM33iH54mRMR0OP8Pd4rM+QLqlk
AqhgXsR/d9KHCo/65XVbU8/ZXSODJde/bdYZFtD6bV/HNnQixaEC9N85K/jlCS9w
bJcL0qeMRlZkak05v4Zrfha1Hjjx65r/NfG70onboKPL7XiOCqRWa/5+In5wvn54
teV1tfdnf8fiB7+LVXUnKH2ZvcNv2upHMZkzl//q/S4FJcSOPVT+h76kEjzG0vtA
d/mOMk2ziXdbUgD/YojPLOnU1bOiyT+KSRoPKsRvlB5Bsxh+1koxABHuRpxLqd9f
oG4eVa/NVtnUEcGpc63f
=b6d1
—–END PGP SIGNATURE—–

Marina Dimic Vugec
Top
More in Preporuke
Sigurnosni nedostaci programske biblioteke libvirt

Otkriveni su sigurnosni nedostaci programske biblioteke libvirt za operacijski sustav RHEL. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja. Savjetuje...

Close