gnupg2-2.0.14-9.AXS4
Errata ID: AXSA:2018-3257:01
The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards.
Security Fix(es):
* gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2018-12020
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.
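One way to neutralise the line-feed injection described above is to escape control bytes in the embedded filename before it reaches any log line. This is an added example, not GnuPG's or Asianux's code; the function names, the sample filename and the log message format are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample filename: line feed plus status-like text, placeholder key ID. */
static const unsigned char SAMPLE[] =
    "report.txt\n[GNUPG:] GOODSIG 0000000000000000 Constructed Example";

/* Copy NAME into OUT, escaping control bytes, DEL and backslash as \xNN (bytes
 * >= 0x80 pass through). Returns the escaped length, or -1 if OUT is too small. */
int sanitize_filename(const unsigned char *name, size_t len, char *out, size_t outsz)
{
    size_t o = 0;
    if (outsz == 0)
        return -1;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = name[i];
        int unsafe = (c < 0x20 || c == 0x7f || c == '\\');
        if (o + (unsafe ? 4 : 1) + 1 > outsz)
            return -1;
        if (unsafe)
            o += (size_t)snprintf(out + o, 5, "\\x%02x", (unsigned)c);
        else
            out[o++] = (char)c;
    }
    out[o] = '\0';
    return (int)o;
}

/* Count the lines in TEXT that a status parser would read as "[GNUPG:] ...". */
int count_status_lines(const char *text)
{
    int n = 0;
    while (text) {
        n += strncmp(text, "[GNUPG:] ", 9) == 0;
        const char *nl = strchr(text, '\n');
        text = nl ? nl + 1 : NULL;
    }
    return n;
}

int main(void)
{
    char name[256], raw[320], safe[320];
    sanitize_filename(SAMPLE, sizeof SAMPLE - 1, name, sizeof name);
    /* Assumed log format, for illustration only. */
    snprintf(raw, sizeof raw, "gpg: original file name='%s'\n", (const char *)SAMPLE);
    snprintf(safe, sizeof safe, "gpg: original file name='%s'\n", name);
    printf("raw=%d sanitized=%d\n", count_status_lines(raw), count_status_lines(safe));
    return 0;
}
```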
Update packages.
SRPMS
- gnupg2-2.0.14-9.AXS4.src.rpm
MD5: 1f4bdb695fcd98760a208db321aa85b0
SHA-256: 0085e9932cb7c1355ed78eb3774d8982938078e85c3e3cc77e1d5c38d854fdbd
Size: 3.83 MB
Asianux Server 4 for x86
- gnupg2-2.0.14-9.AXS4.i686.rpm
MD5: fdca4bea30ac2af4acbbdc9c9e37b368
SHA-256: 523be124af6f2ee655ed748552a553ab871432214addac7fe1b8a940d79cd7df
Size: 1.57 MB
Asianux Server 4 for x86_64
- gnupg2-2.0.14-9.AXS4.x86_64.rpm
MD5: 7941df45cddbd124bd7c44daaff2d5fc
SHA-256: ce1ef0b9a2eb8f025c2373853fc32ce73e99debd5f171f0500a26b734c8bffd5
Size: 1.58 MB