Vulnerabilities > CVE-2018-12020 - Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
redhat
canonical
debian
gnupg
CWE-706
nessus

Summary

mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.

Vulnerable Configurations

Part Description Count
OS
Redhat
10
OS
Canonical
7
OS
Debian
2
Application
Gnupg
198

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Leveraging/Manipulating Configuration File Search Paths
    This attack loads a malicious resource into a program's standard path used to bootstrap and/or provide contextual information for a program like a path variable or classpath. J2EE applications and other component based applications that are built from multiple binaries can have very long list of dependencies to execute. If one of these libraries and/or references is controllable by the attacker then application controls can be circumvented by the attacker. A standard UNIX path looks similar to this If the attacker modifies the path variable to point to a locale that includes malicious resources then the user unwittingly can execute commands on the attackers' behalf: This is a form of usurping control of the program and the attack can be done on the classpath, database resources, or any other resources built from compound parts. At runtime detection and blocking of this attack is nearly impossible, because the configuration allows execution.
  • DLL Search Order Hijacking
    The attacker exploits the functionality of the Windows DLL loader where the process loading the DLL searches for the DLL to be loaded first in the same directory in which the process binary resides and then in other directories (e.g., System32). Exploitation of this preferential search order can allow an attacker to make the loading process load the attackers' rogue DLL rather than the legitimate DLL. For instance, an attacker with access to the file system may place a malicious ntshrui.dll in the C:\Windows directory. This DLL normally resides in the System32 folder. Process explorer.exe which also resides in C:\Windows, upon trying to load the ntshrui.dll from the System32 folder will actually load the DLL supplied by the attacker simply because of the preferential search order. Since the attacker has placed its malicious ntshrui.dll in the same directory as the loading explorer.exe process, the DLL supplied by the attacker will be found first and thus loaded in lieu of the legitimate DLL. Since explorer.exe is loaded during the boot cycle, the attackers' malware is guaranteed to execute. This attack can be leveraged with many different DLLs and with many different loading processes. No forensic trails are left in the system's registry or file system that an incorrect DLL had been loaded.
  • Passing Local Filenames to Functions That Expect a URL
    This attack relies on client side code to access local files and resources instead of URLs. When the client browser is expecting a URL string, but instead receives a request for a local file, that execution is likely to occur in the browser process space with the browser's authority to local files. The attacker can send the results of this request to the local files out to a site that they control. This attack may be used to steal sensitive authentication data (either local or remote), or to gain system profile information to launch further attacks.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-640.NASL
    descriptionThis update for gpg2 fixes the following security issue : - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the
    last seen2020-06-05
    modified2018-06-18
    plugin id110589
    published2018-06-18
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110589
    titleopenSUSE Security Update : gpg2 (openSUSE-2018-640)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2018-640.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(110589);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-12020");
      script_xref(name:"IAVA", value:"2018-A-0193");
    
      script_name(english:"openSUSE Security Update : gpg2 (openSUSE-2018-640)");
      script_summary(english:"Check for the openSUSE-2018-640 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for gpg2 fixes the following security issue :
    
      - CVE-2018-12020: GnuPG mishandled the original filename
        during decryption and verification actions, which
        allowed remote attackers to spoof the output that GnuPG
        sends on file descriptor 2 to other programs that use
        the '--status-fd 2' option (bsc#1096745)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1096745"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gpg2 packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gpg2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gpg2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gpg2-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gpg2-lang");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/06/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/06/18");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0|SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0 / 42.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"gpg2-2.2.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"gpg2-debuginfo-2.2.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"gpg2-debugsource-2.2.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"gpg2-lang-2.2.5-lp150.3.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"gpg2-2.0.24-9.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"gpg2-debuginfo-2.0.24-9.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"gpg2-debugsource-2.0.24-9.3.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"gpg2-lang-2.0.24-9.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gpg2 / gpg2-debuginfo / gpg2-debugsource / gpg2-lang");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1696-1.NASL
    descriptionThis update for gpg2 fixes the following issues : - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the
    last seen2020-06-01
    modified2020-06-02
    plugin id110594
    published2018-06-18
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110594
    titleSUSE SLES11 Security Update : gpg2 (SUSE-SU-2018:1696-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2018:1696-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(110594);
      script_version("1.8");
      script_cvs_date("Date: 2019/09/10 13:51:48");
    
      script_cve_id("CVE-2018-12020");
      script_xref(name:"IAVA", value:"2018-A-0193");
    
      script_name(english:"SUSE SLES11 Security Update : gpg2 (SUSE-SU-2018:1696-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for gpg2 fixes the following issues :
    
      - CVE-2018-12020: GnuPG mishandled the original filename
        during decryption and verification actions, which
        allowed remote attackers to spoof the output that GnuPG
        sends on file descriptor 2 to other programs that use
        the '--status-fd 2' option (bsc#1096745)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1096745"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-12020/"
      );
      # https://www.suse.com/support/update/announcement/2018/suse-su-20181696-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?04ba298d"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 11-SP4:zypper in -t patch
    slessp4-gpg2-13655=1
    
    SUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch
    slessp3-gpg2-13655=1
    
    SUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch
    sleposp3-gpg2-13655=1
    
    SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch
    dbgsp4-gpg2-13655=1
    
    SUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch
    dbgsp3-gpg2-13655=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gpg2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gpg2-lang");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/06/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/06/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! preg(pattern:"^(3|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP3/4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"4", reference:"gpg2-2.0.9-25.33.42.3.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"gpg2-lang-2.0.9-25.33.42.3.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"gpg2-2.0.9-25.33.42.3.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"gpg2-lang-2.0.9-25.33.42.3.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gpg2");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20180712_GNUPG2_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020)
    last seen2020-03-18
    modified2018-07-13
    plugin id111050
    published2018-07-13
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111050
    titleScientific Linux Security Update : gnupg2 on SL6.x i386/x86_64 (20180712)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1221.NASL
    descriptionAccording to the version of the gnupg2 package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output. (CVE-2018-12020) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2018-07-20
    plugin id111183
    published2018-07-20
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111183
    titleEulerOS 2.0 SP2 : gnupg2 (EulerOS-SA-2018-1221)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2180.NASL
    descriptionAn update for gnupg2 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fix(es) : * gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id111033
    published2018-07-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111033
    titleRHEL 6 : gnupg2 (RHSA-2018:2180)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3964-1.NASL
    descriptionMarcus Brinkmann discovered that GnuPG before 2.2.8 improperly handled certain command line parameters. A remote attacker could use this to spoof the output of GnuPG and cause unsigned e-mail to appear signed. (CVE-2018-12020) It was discovered that python-gnupg incorrectly handled the GPG passphrase. A remote attacker could send a specially crafted passphrase that would allow them to control the output of encryption and decryption operations. (CVE-2019-6690). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124587
    published2019-05-03
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124587
    titleUbuntu 18.04 LTS / 18.10 / 19.04 : python-gnupg vulnerabilities (USN-3964-1)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0023_GNUPG2.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has gnupg2 packages installed that are affected by a vulnerability: - A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output. (CVE-2018-12020) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127182
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127182
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : gnupg2 Vulnerability (NS-SA-2019-0023)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1333.NASL
    descriptionAccording to the version of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output. (CVE-2018-12020) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118421
    published2018-10-26
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118421
    titleEulerOS Virtualization 2.5.0 : gnupg2 (EulerOS-SA-2018-1333)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2181.NASL
    descriptionAn update for gnupg2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fix(es) : * gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id111034
    published2018-07-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111034
    titleRHEL 7 : gnupg2 (RHSA-2018:2181)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2018-170-01.NASL
    descriptionNew gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id110619
    published2018-06-20
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110619
    titleSlackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : gnupg (SSA:2018-170-01)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-84FDBD021F.NASL
    descriptionImportant security update to new upstream gnupg version 2.2.8 and libgpg-error 1.31 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-06-19
    plugin id110598
    published2018-06-19
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110598
    titleFedora 27 : gnupg2 / libgpg-error (2018-84fdbd021f)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1814-1.NASL
    descriptionThis update for gpg2 fixes the following security issue : - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the
    last seen2020-06-01
    modified2020-06-02
    plugin id120025
    published2019-01-02
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120025
    titleSUSE SLED15 / SLES15 Security Update : gpg2 (SUSE-SU-2018:1814-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1324.NASL
    descriptionAccording to the version of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output. (CVE-2018-12020) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118412
    published2018-10-26
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118412
    titleEulerOS Virtualization 2.5.1 : gnupg2 (EulerOS-SA-2018-1324)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1698-1.NASL
    descriptionThis update for gpg2 fixes the following security issue : - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the
    last seen2020-06-01
    modified2020-06-02
    plugin id110595
    published2018-06-18
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110595
    titleSUSE SLED12 / SLES12 Security Update : gpg2 (SUSE-SU-2018:1698-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-69780FC4D7.NASL
    description - New upstream v1.4.23 (#1589802,#1589620,#1589624) - Remove patches included in upstream release - Note that this includes the fix for [CVE-2018-12020] ---- - doc Remove documentation for future option faked sys - build Don
    last seen2020-06-05
    modified2018-07-06
    plugin id110931
    published2018-07-06
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110931
    titleFedora 27 : gnupg (2018-69780fc4d7)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_7DA0417F6B2411E884CC002590ACAE31.NASL
    descriptionGnuPG reports : GnuPG did not sanitize input file names, which may then be output to the terminal. This could allow terminal control sequences or fake status messages to be injected into the output.
    last seen2020-06-01
    modified2020-06-02
    plugin id110430
    published2018-06-11
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110430
    titleFreeBSD : gnupg -- unsanitized output (CVE-2018-12020) (7da0417f-6b24-11e8-84cc-002590acae31)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1223.NASL
    descriptionAccording to the version of the gnupg2 package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output. (CVE-2018-12020) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2018-08-10
    plugin id111643
    published2018-08-10
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111643
    titleEulerOS 2.0 SP3 : gnupg2 (EulerOS-SA-2018-1223)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-477.NASL
    descriptionThis update for enigmail fixes vulnerabilities that allowed spoofing of e-mail signatures : - CVE-2018-12019: signature spoofing via specially crafted OpenPGP user IDs (boo#1097525) - CVE-2018-12020: signature spoofing via diagnostic output of the original file name in GnuPG verbose mode (boo#1096745) This mitigation prevents CVE-2018-12020 from being exploited even if GnuPG is not patched.
    last seen2020-05-31
    modified2019-03-27
    plugin id123195
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123195
    titleopenSUSE Security Update : enigmail (openSUSE-2019-477)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3675-1.NASL
    descriptionMarcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the status of the cryptographic operation reported by GnuPG. (CVE-2018-12020) Lance Vick discovered that GnuPG did not enforce configurations where key certification required an offline master Certify key. An attacker with access to a signing subkey could generate certifications that appeared to be valid. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-9234). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110475
    published2018-06-12
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110475
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : gnupg, gnupg2 vulnerabilities (USN-3675-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-2180.NASL
    descriptionFrom Red Hat Security Advisory 2018:2180 : An update for gnupg2 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fix(es) : * gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id111024
    published2018-07-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111024
    titleOracle Linux 6 : gnupg2 (ELSA-2018-2180)
  • NASL familyJunos Local Security Checks
    NASL idJUNIPER_SPACE_JSA10917_184R1.NASL
    descriptionAccording to its self-reported version number, the remote Junos Space version is 18.4.x prior to 18.4R1. It is, therefore, affected by multiple vulnerabilities : - An integer overflow issue exists in procps-ng. This is related to CVE-2018-1124. (CVE-2018-1126) - A directory traversal issue exits in reposync, a part of yum-utils.tory configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. (CVE-2018-10897) - An integer overflow flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id121068
    published2019-01-10
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121068
    titleJuniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-4EF71D3525.NASL
    description - doc Remove documentation for future option faked sys - build Don
    last seen2020-06-05
    modified2019-01-03
    plugin id120411
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120411
    titleFedora 28 : gnupg (2018-4ef71d3525)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2018-1045.NASL
    descriptionA data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output.(CVE-2018-12020)
    last seen2020-06-01
    modified2020-06-02
    plugin id111605
    published2018-08-10
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111605
    titleAmazon Linux 2 : gnupg2 (ALAS-2018-1045)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-480.NASL
    descriptionThis update for gpg2 fixes the following security issue : - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the
    last seen2020-05-31
    modified2019-03-27
    plugin id123198
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123198
    titleopenSUSE Security Update : gpg2 (openSUSE-2019-480)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-A4E13742B4.NASL
    description - New upstream v1.4.23 (#1589802,#1589620,#1589624) - Remove patches included in upstream release - Note that this includes the fix for [CVE-2018-12020] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120670
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120670
    titleFedora 28 : gnupg (2018-a4e13742b4)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-2180.NASL
    descriptionAn update for gnupg2 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fix(es) : * gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id111078
    published2018-07-16
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111078
    titleCentOS 6 : gnupg2 (CESA-2018:2180)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-3DC16842E2.NASL
    descriptionImportant security update to new upstream gnupg version 2.2.8 and libgpg-error 1.31 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120365
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120365
    titleFedora 28 : gnupg2 / libgpg-error (2018-3dc16842e2)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1077.NASL
    descriptionAccording to the version of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the
    last seen2020-06-01
    modified2020-06-02
    plugin id122700
    published2019-03-08
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122700
    titleEulerOS Virtualization 2.5.2 : gnupg2 (EulerOS-SA-2019-1077)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3675-2.NASL
    descriptionUSN-3675-1 fixed a vulnerability in GnuPG 2 for Ubuntu 18.04 LTS and Ubuntu 17.10. This update provides the corresponding update for GnuPG 2 in Ubuntu 16.04 LTS and Ubuntu 14.04 LTS. Original advisory details : Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the status of the cryptographic operation reported by GnuPG. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110549
    published2018-06-15
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110549
    titleUbuntu 14.04 LTS / 16.04 LTS : gnupg2 vulnerability (USN-3675-2)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2018-1045.NASL
    descriptionA data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output. (CVE-2018-12020)
    last seen2020-06-01
    modified2020-06-02
    plugin id110784
    published2018-06-29
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110784
    titleAmazon Linux AMI : gnupg / gnupg2 (ALAS-2018-1045)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0135_GNUPG2.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has gnupg2 packages installed that are affected by a vulnerability: - A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output. (CVE-2018-12020) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127393
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127393
    titleNewStart CGSL MAIN 4.05 : gnupg2 Vulnerability (NS-SA-2019-0135)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2018-0239.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2018-12020 - missing sanitization of original filename
    last seen2020-06-01
    modified2020-06-02
    plugin id111049
    published2018-07-13
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111049
    titleOracleVM 3.3 / 3.4 : gnupg2 (OVMSA-2018-0239)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-2181.NASL
    descriptionFrom Red Hat Security Advisory 2018:2181 : An update for gnupg2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fix(es) : * gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id111025
    published2018-07-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111025
    titleOracle Linux 7 : gnupg2 (ELSA-2018-2181)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1457.NASL
    descriptionAccording to the version of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output.(CVE-2018-12020) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124960
    published2019-05-14
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124960
    titleEulerOS Virtualization 3.0.1.0 : gnupg2 (EulerOS-SA-2019-1457)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2018-159-01.NASL
    descriptionNew gnupg2 packages are available for Slackware 13.37, 14.0, 14.1, 14.2, and - -current to fix a security issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id110432
    published2018-06-11
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110432
    titleSlackware 13.37 / 14.0 / 14.1 / 14.2 / current : gnupg2 (SSA:2018-159-01)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20180712_GNUPG2_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020)
    last seen2020-03-18
    modified2018-07-17
    plugin id111113
    published2018-07-17
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111113
    titleScientific Linux Security Update : gnupg2 on SL7.x x86_64 (20180712)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4224.NASL
    descriptionMarcus Brinkmann discovered that GnuPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email. Details can be found in the upstream advisory at https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html
    last seen2020-06-01
    modified2020-06-02
    plugin id110423
    published2018-06-11
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110423
    titleDebian DSA-4224-1 : gnupg - security update
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-630.NASL
    descriptionThis update for enigmail fixes vulnerabilities that allowed spoofing of e-mail signatures : - CVE-2018-12019: signature spoofing via specially crafted OpenPGP user IDs (boo#1097525) - CVE-2018-12020: signature spoofing via diagnostic output of the original file name in GnuPG verbose mode (boo#1096745) This mitigation prevents CVE-2018-12020 from being exploited even if GnuPG is not patched.
    last seen2020-06-05
    modified2018-06-18
    plugin id110586
    published2018-06-18
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110586
    titleopenSUSE Security Update : enigmail (openSUSE-2018-630)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1157.NASL
    descriptionAccording to the version of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output.i1/4^CVE-2018-12020i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2019-04-09
    plugin id123843
    published2019-04-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123843
    titleEulerOS Virtualization 2.5.3 : gnupg2 (EulerOS-SA-2019-1157)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1698-2.NASL
    descriptionThis update for gpg2 fixes the following security issue : CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the
    last seen2020-06-01
    modified2020-06-02
    plugin id118265
    published2018-10-22
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118265
    titleSUSE SLES12 Security Update : gpg2 (SUSE-SU-2018:1698-2)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-2181.NASL
    descriptionAn update for gnupg2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards. Security Fix(es) : * gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id111079
    published2018-07-16
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111079
    titleCentOS 7 : gnupg2 (CESA-2018:2181)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4222.NASL
    descriptionMarcus Brinkmann discovered that GnuPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email. Details can be found in the upstream advisory at https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html
    last seen2020-06-01
    modified2020-06-02
    plugin id110421
    published2018-06-11
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110421
    titleDebian DSA-4222-1 : gnupg2 - security update
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-646.NASL
    descriptionThis update for python-python-gnupg to version 0.4.3 fixes the following issues : The following security vulnerabilities were addressed : - Sanitize diagnostic output of the original file name in verbose mode (CVE-2018-12020 boo#1096745) The following other changes were made : - Add --no-verbose to the gpg command line, in case verbose is specified is gpg.conf. - Add expect_passphrase password for use on GnuPG >= 2.1 when passing passphrase to gpg via pinentry - Provide a trust_keys method to allow setting the trust level for keys - When the gpg executable is not found, note the path used in the exception message - Make error messages more informational
    last seen2020-06-05
    modified2018-06-18
    plugin id110591
    published2018-06-18
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110591
    titleopenSUSE Security Update : python-python-gnupg (openSUSE-2018-646)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-478.NASL
    descriptionThis update for python-python-gnupg to version 0.4.3 fixes the following issues : The following security vulnerabilities were addressed : - Sanitize diagnostic output of the original file name in verbose mode (CVE-2018-12020 boo#1096745) The following other changes were made : - Add --no-verbose to the gpg command line, in case verbose is specified is gpg.conf. - Add expect_passphrase password for use on GnuPG >= 2.1 when passing passphrase to gpg via pinentry - Provide a trust_keys method to allow setting the trust level for keys - When the gpg executable is not found, note the path used in the exception message - Make error messages more informational
    last seen2020-06-01
    modified2020-06-02
    plugin id123196
    published2019-03-27
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123196
    titleopenSUSE Security Update : python-python-gnupg (openSUSE-2019-478)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4223.NASL
    descriptionMarcus Brinkmann discovered that GnuPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email. Details can be found in the upstream advisory at https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html
    last seen2020-06-01
    modified2020-06-02
    plugin id110422
    published2018-06-11
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110422
    titleDebian DSA-4223-1 : gnupg1 - security update

Redhat

advisories
  • bugzilla
    id1589620
    titleCVE-2018-12020 gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentgnupg2-smime is earlier than 0:2.0.14-9.el6_10
            ovaloval:com.redhat.rhsa:tst:20182180001
          • commentgnupg2-smime is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20131459007
        • AND
          • commentgnupg2 is earlier than 0:2.0.14-9.el6_10
            ovaloval:com.redhat.rhsa:tst:20182180003
          • commentgnupg2 is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20131459005
    rhsa
    idRHSA-2018:2180
    released2018-07-11
    severityImportant
    titleRHSA-2018:2180: gnupg2 security update (Important)
  • bugzilla
    id1589620
    titleCVE-2018-12020 gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentgnupg2-smime is earlier than 0:2.0.22-5.el7_5
            ovaloval:com.redhat.rhsa:tst:20182181001
          • commentgnupg2-smime is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20131459007
        • AND
          • commentgnupg2 is earlier than 0:2.0.22-5.el7_5
            ovaloval:com.redhat.rhsa:tst:20182181003
          • commentgnupg2 is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20131459005
    rhsa
    idRHSA-2018:2181
    released2018-07-11
    severityImportant
    titleRHSA-2018:2181: gnupg2 security update (Important)
rpms
  • gnupg2-0:2.0.14-9.el6_10
  • gnupg2-debuginfo-0:2.0.14-9.el6_10
  • gnupg2-smime-0:2.0.14-9.el6_10
  • gnupg2-0:2.0.22-5.el7_5
  • gnupg2-debuginfo-0:2.0.22-5.el7_5
  • gnupg2-smime-0:2.0.22-5.el7_5

The Hacker News

References