Package "gnupg"
| Name: |
gnupg
|
Description: |
GNU privacy guard - a free PGP replacement
|
| Latest version: |
2.2.4-1ubuntu1.6 |
| Release: |
bionic (18.04) |
| Level: |
updates |
| Repository: |
main |
| Head package: |
gnupg2 |
| Homepage: |
https://www.gnupg.org/ |
Links
Download "gnupg"
Other versions of "gnupg" in Bionic
Changelog
|
gnupg2 (2.2.4-1ubuntu1.1) bionic-security; urgency=medium
* SECURITY UPDATE: missing sanitization of verbose output
- debian/patches/from-master/CVE-2018-12020.patch: Sanitize diagnostic with
the original file name.
- CVE-2018-12020
* SECURITY UPDATE: certify public keys without a certify key present
when using a smartcard.
- debian/patches/from-master/CVE-2018-9234-1.patch,
- debian/patches/from-master/CVE-2018-9234-2.patch: Check that a key
may do certifications.
- CVE-2018-9234
* Always use MDC encryption mode regardless of the cipher algorithm
or any preferences. The --rfc2440 option can be used to create
a message without an MDC.
- debian/patches/from-master/0003-gpg-Remove-MDC-options.patch
* Decryption of messages not using the MDC mode into a hard
failure even if a legacy cipher algorithm was used. The
option --ignore-mdc-error can be used to turn this failure
into a warning.
- debian/patches/from-master/0001-gpg-Turn-no-mdc-warn-into-a-NOP.patch
- debian/patches/from-master/0003-gpg-Remove-MDC-options.patch
- debian/patches/from-master/0004-gpg-Print-a-hint-on-how-to-decrypt-a-non-mdc-message.patch
-- Steve Beattie <email address hidden> Sun, 10 Jun 2018 21:54:05 -0700
|
| CVE-2018-12020 |
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof |
| CVE-2018-9234 |
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently |
|
About
-
Send Feedback to @ubuntu_updates
