Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 519
Alerts This Week
Warning Icon 1 519

Ubuntu 16.04 and 14.04 Affected by Moderate GnuPG 2 Information Flaw

ubuntu
Calendar Grey June 15, 2018
Dist Ubuntu Esm H88
GnuPG version 2 on Ubuntu contained a vulnerability leading to inaccurate validity information when decrypting. It is advisable to update for versions 14.04 and 16.04.
GnuPG 2 could be made to present validity information incorrectly.

Summary

GnuPG 2 could be made to present validity information incorrectly.

Software Description:

- gnupg2: GNU privacy guard - a free PGP replacement

Details:

USN-3675-1 fixed a vulnerability in GnuPG 2 for Ubuntu 18.04 LTS and

Ubuntu 17.10. This update provides the corresponding update for GnuPG 2

in Ubuntu 16.04 LTS and Ubuntu 14.04 LTS.

Original advisory details:

Marcus Brinkmann discovered that during decryption or verification,

GnuPG did not properly filter out terminal sequences when reporting the

original filename. An attacker could use this to specially craft a file

that would cause an application parsing GnuPG output to incorrectly

interpret the status of the cryptographic operation reported by GnuPG.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  gnupg2                          2.1.11-6ubuntu2.1

Ubuntu 14.04 LTS:
  gnupg2                          2.0.22-3ubuntu1.4

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3675-2

https://ubuntu.com/security/notices/USN-3675-1

CVE-2018-12020

Severity
important
Lowest
Low
Medium
High
Critical

June 15, 2018

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.