Ubuntu Security Notice 3675-2 - USN-3675-1 fixed a vulnerability in GnuPG 2 for Ubuntu 18.04 LTS and Ubuntu 17.10. This update provides the corresponding update for GnuPG 2 in Ubuntu 16.04 LTS and Ubuntu 14.04 LTS. Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the status of the cryptographic operation reported by GnuPG. Various other issues were also addressed.
0897462e75854fb4e6baef305d59332291756546f6848648d42df67f1e8ed263Ubuntu Security Notice 3675-1 - Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the status of the cryptographic operation reported by GnuPG. Lance Vick discovered that GnuPG did not enforce configurations where key certification required an offline master Certify key. An attacker with access to a signing subkey could generate certifications that appeared to be valid. This issue only affected Ubuntu 18.04 LTS. Various other issues were also addressed.
3766e8329e34b63027e4f5cf9a8633afd662c34ab0ba403d391cd6bb6a60ae4bDebian Linux Security Advisory 4223-1 - Marcus Brinkmann discovered that GnuGPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email.
f6ea747cbddc7efc3cb94834162fc04efbb679102e473cbef039c62688a32712Debian Linux Security Advisory 4222-1 - Marcus Brinkmann discovered that GnuGPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email.
6a19749f3da79b8b886406716d726e163566861df974152823ddc17394f42d0bSlackware Security Advisory - New gnupg2 packages are available for Slackware 13.37, 14.0, 14.1, 14.2, and - -current to fix a security issue.
d310e76a0921a6cc2ee16f19d8f8b391df2cb4899707346d543830d25c927438Debian Linux Security Advisory 4224-1 - Marcus Brinkmann discovered that GnuGPG performed insufficient sanitisation of file names displayed in status messages, which could be abused to fake the verification status of a signed email.
48ffa2083ce23edda66107d7e98133264aff4c0af7aaa1febaa827798b766e31Dell EMC Isilon OneFS suffers from incorrect authorization, cross site request forgery, and path traversal vulnerabilities.
d370d6ca7380127f4ee9a10cf1e94c01b4a479767738e0f423d758f610c85187Dell EMC Isilon OneFS suffers from code execution, cross site request forgery, and cross site scripting vulnerabilities.
59ab98938a25d8249efefd24dd954dee7bc863a7a6ee5476a2d7d2db32b025ba
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed