ID CESA-2018:2180 Type centos Reporter CentOS Project Modified 2018-07-13T16:56:38
Description
CentOS Errata and Security Advisory CESA-2018:2180
The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards.
Security Fix(es):
gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Merged security bulletin from advisories:
http://lists.centos.org/pipermail/centos-announce/2018-July/035004.html
Affected packages:
gnupg2
gnupg2-smime
Upstream details at:
{"id": "CESA-2018:2180", "bulletinFamily": "unix", "title": "gnupg2 security update", "description": "**CentOS Errata and Security Advisory** CESA-2018:2180\n\n\nThe GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards.\n\nSecurity Fix(es):\n\n* gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2018-July/035004.html\n\n**Affected packages:**\ngnupg2\ngnupg2-smime\n\n**Upstream details at:**\n", "published": "2018-07-13T16:56:38", "modified": "2018-07-13T16:56:38", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "href": "http://lists.centos.org/pipermail/centos-announce/2018-July/035004.html", "reporter": "CentOS Project", "references": ["http://steadfast.net/", "https://access.redhat.com/errata/RHSA-2018:2180"], "cvelist": ["CVE-2018-12020"], "type": "centos", "lastseen": "2020-12-08T03:37:21", "edition": 5, "viewCount": 218, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-12020"]}, {"type": "f5", "idList": ["F5:K55121327"]}, {"type": "freebsd", "idList": ["7DA0417F-6B24-11E8-84CC-002590ACAE31"]}, {"type": "nessus", "idList": ["EULEROS_SA-2018-1221.NASL", "SL_20180712_GNUPG2_ON_SL6_X.NASL", "FEDORA_2018-69780FC4D7.NASL", "FREEBSD_PKG_7DA0417F6B2411E884CC002590ACAE31.NASL", "EULEROS_SA-2018-1324.NASL", "OPENSUSE-2019-480.NASL", "SL_20180712_GNUPG2_ON_SL7_X.NASL", "EULEROS_SA-2019-1457.NASL", "EULEROS_SA-2018-1333.NASL", "UBUNTU_USN-3675-2.NASL"]}, {"type": "fedora", "idList": ["FEDORA:D57626042B0A", "FEDORA:0210D601DA49", "FEDORA:F13E1604948D", "FEDORA:2DDF66042B0E", "FEDORA:4674E60F757C", "FEDORA:420A76030B23", "FEDORA:AC0B8604948D"]}, {"type": "amazon", "idList": ["ALAS2-2018-1045", "ALAS-2018-1045"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4222-1:E134E", "DEBIAN:DSA-4224-1:F5240", "DEBIAN:DSA-4223-1:2BDEC"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-2180", "ELSA-2018-2181"]}, {"type": "ubuntu", "idList": ["USN-3964-1", "USN-3675-1", "USN-3675-3", "USN-3675-2"]}, {"type": "centos", "idList": ["CESA-2018:2181"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310874700", "OPENVAS:1361412562310874703", "OPENVAS:1361412562310882921", "OPENVAS:1361412562310704224", "OPENVAS:1361412562311220181223", "OPENVAS:1361412562310874702", "OPENVAS:1361412562310704223", "OPENVAS:1361412562310874682", "OPENVAS:1361412562310851792", "OPENVAS:1361412562311220181324"]}, {"type": "slackware", "idList": ["SSA-2018-159-01", "SSA-2018-170-01"]}, {"type": "redhat", "idList": ["RHSA-2018:2181", "RHSA-2018:2180"]}, {"type": "thn", "idList": ["THN:7AF4F467FCD2B758CD46FDBECE48E35F"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:1706-1", "OPENSUSE-SU-2018:1722-1", "OPENSUSE-SU-2018:1708-1", "OPENSUSE-SU-2018:1724-1"]}, {"type": "archlinux", "idList": ["ASA-201806-8"]}], "modified": "2020-12-08T03:37:21", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2020-12-08T03:37:21", "rev": 2}, "vulnersScore": 6.0}, "affectedPackage": [{"OS": "CentOS", "OSVersion": "6", "arch": "x86_64", "operator": "lt", "packageFilename": "gnupg2-smime-2.0.14-9.el6_10.x86_64.rpm", "packageName": "gnupg2-smime", "packageVersion": "2.0.14-9.el6_10"}, {"OS": "CentOS", "OSVersion": "6", "arch": "i686", "operator": "lt", "packageFilename": "gnupg2-smime-2.0.14-9.el6_10.i686.rpm", "packageName": "gnupg2-smime", "packageVersion": "2.0.14-9.el6_10"}, {"OS": "CentOS", "OSVersion": "6", "arch": "any", "operator": "lt", "packageFilename": "gnupg2-2.0.14-9.el6_10.src.rpm", "packageName": "gnupg2", "packageVersion": "2.0.14-9.el6_10"}, {"OS": "CentOS", "OSVersion": "6", "arch": "i686", "operator": "lt", "packageFilename": "gnupg2-2.0.14-9.el6_10.i686.rpm", "packageName": "gnupg2", "packageVersion": "2.0.14-9.el6_10"}, {"OS": "CentOS", "OSVersion": "6", "arch": "x86_64", "operator": "lt", "packageFilename": "gnupg2-2.0.14-9.el6_10.x86_64.rpm", "packageName": "gnupg2", "packageVersion": "2.0.14-9.el6_10"}], "scheme": null}
{"cve": [{"lastseen": "2021-02-02T06:52:26", "description": "mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the \"--status-fd 2\" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.", "edition": 8, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-06-08T21:29:00", "title": "CVE-2018-12020", "type": "cve", "cwe": ["CWE-706"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12020"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:canonical:ubuntu_linux:17.10", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.5", "cpe:/o:canonical:ubuntu_linux:19.04", "cpe:/o:redhat:enterprise_linux_server_aus:7.6", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.6", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2018-12020", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12020", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}], "f5": [{"lastseen": "2020-04-06T22:40:37", "bulletinFamily": "software", "cvelist": ["CVE-2018-12020"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2018-09-04T17:53:00", "published": "2018-09-04T17:53:00", "id": "F5:K55121327", "href": "https://support.f5.com/csp/article/K55121327", "title": "GnuPG vulnerability CVE-2018-12020", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "freebsd": [{"lastseen": "2019-05-29T18:31:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12020", "CVE-2017-7526"], "description": "\nGnuPG reports:\n\nGnuPG did not sanitize input file names, which may then be output to\n\t the terminal. This could allow terminal control sequences or fake\n\t status messages to be injected into the output.\n\n", "edition": 6, "modified": "2018-06-07T00:00:00", "published": "2018-06-07T00:00:00", "id": "7DA0417F-6B24-11E8-84CC-002590ACAE31", "href": "https://vuxml.freebsd.org/freebsd/7da0417f-6b24-11e8-84cc-002590acae31.html", "title": "gnupg -- unsanitized output (CVE-2018-12020)", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2021-03-01T02:55:15", "description": "GnuPG reports :\n\nGnuPG did not sanitize input file names, which may then be output to\nthe terminal. This could allow terminal control sequences or fake\nstatus messages to be injected into the output.", "edition": 28, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2018-06-11T00:00:00", "title": "FreeBSD : gnupg -- unsanitized output (CVE-2018-12020) (7da0417f-6b24-11e8-84cc-002590acae31)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12020", "CVE-2017-7526"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:gnupg1", "p-cpe:/a:freebsd:freebsd:gnupg", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_7DA0417F6B2411E884CC002590ACAE31.NASL", "href": "https://www.tenable.com/plugins/nessus/110430", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110430);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/10/11 10:17:50\");\n\n script_cve_id(\"CVE-2017-7526\", \"CVE-2018-12020\");\n\n script_name(english:\"FreeBSD : gnupg -- unsanitized output (CVE-2018-12020) (7da0417f-6b24-11e8-84cc-002590acae31)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"GnuPG reports :\n\nGnuPG did not sanitize input file names, which may then be output to\nthe terminal. This could allow terminal control sequences or fake\nstatus messages to be injected into the output.\"\n );\n # https://vuxml.freebsd.org/freebsd/7da0417f-6b24-11e8-84cc-002590acae31.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?38d2a0a0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:gnupg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:gnupg1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"gnupg<2.2.8\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"gnupg1<1.4.23\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T10:18:06", "description": " - doc Remove documentation for future option faked sys\n\n - build Don't use dev srandom on OpenBSD\n\n - Do not use C99 feature\n\n - g10 Fix regexp sanitization\n\n - g10 Push compress filter only if compressed\n\n - gpg Sanitize diagnostic with the original file name\n [CVE-2018-12020]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 15, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2019-01-03T00:00:00", "title": "Fedora 28 : gnupg (2018-4ef71d3525)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12020"], "modified": "2019-01-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gnupg", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-4EF71D3525.NASL", "href": "https://www.tenable.com/plugins/nessus/120411", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-4ef71d3525.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120411);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-12020\");\n script_xref(name:\"FEDORA\", value:\"2018-4ef71d3525\");\n\n script_name(english:\"Fedora 28 : gnupg (2018-4ef71d3525)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - doc Remove documentation for future option faked sys\n\n - build Don't use dev srandom on OpenBSD\n\n - Do not use C99 feature\n\n - g10 Fix regexp sanitization\n\n - g10 Push compress filter only if compressed\n\n - gpg Sanitize diagnostic with the original file name\n [CVE-2018-12020]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-4ef71d3525\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gnupg package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnupg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"gnupg-1.4.22-7.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnupg\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T10:19:09", "description": "Important security update to new upstream gnupg version 2.2.8 and\nlibgpg-error 1.31\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 20, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2018-06-19T00:00:00", "title": "Fedora 27 : gnupg2 / libgpg-error (2018-84fdbd021f)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12020"], "modified": "2018-06-19T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:27", "p-cpe:/a:fedoraproject:fedora:libgpg-error", "p-cpe:/a:fedoraproject:fedora:gnupg2"], "id": "FEDORA_2018-84FDBD021F.NASL", "href": "https://www.tenable.com/plugins/nessus/110598", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-84fdbd021f.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110598);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-12020\");\n script_xref(name:\"FEDORA\", value:\"2018-84fdbd021f\");\n\n script_name(english:\"Fedora 27 : gnupg2 / libgpg-error (2018-84fdbd021f)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Important security update to new upstream gnupg version 2.2.8 and\nlibgpg-error 1.31\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-84fdbd021f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnupg2 and / or libgpg-error packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnupg2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libgpg-error\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"gnupg2-2.2.8-1.fc27\")) flag++;\nif (rpm_check(release:\"FC27\", reference:\"libgpg-error-1.31-1.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnupg2 / libgpg-error\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T08:54:09", "description": "According to the version of the gnupg2 package installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerability :\n\n - A data validation flaw was found in the way gnupg\n processes file names during decryption and signature\n validation. An attacker may be able to inject messages\n into gnupg verbose message logging which may have the\n potential to bypass the integrity of signature\n authentication mechanisms and could have other\n unintended consequences if applications take action(s)\n based on parsed verbose gnupg output. (CVE-2018-12020)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 20, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2018-10-26T00:00:00", "title": "EulerOS Virtualization 2.5.0 : gnupg2 (EulerOS-SA-2018-1333)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12020"], "modified": "2018-10-26T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:gnupg2", "cpe:/o:huawei:euleros:uvp:2.5.0"], "id": "EULEROS_SA-2018-1333.NASL", "href": "https://www.tenable.com/plugins/nessus/118421", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118421);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-12020\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.0 : gnupg2 (EulerOS-SA-2018-1333)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the gnupg2 package installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerability :\n\n - A data validation flaw was found in the way gnupg\n processes file names during decryption and signature\n validation. An attacker may be able to inject messages\n into gnupg verbose message logging which may have the\n potential to bypass the integrity of signature\n authentication mechanisms and could have other\n unintended consequences if applications take action(s)\n based on parsed verbose gnupg output. (CVE-2018-12020)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1333\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?20cac042\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected gnupg2 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:gnupg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"gnupg2-2.0.22-3.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnupg2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-03-01T06:54:50", "description": "This update for gpg2 fixes the following security issue :\n\n - CVE-2018-12020: GnuPG mishandled the original filename\n during decryption and verification actions, which\n allowed remote attackers to spoof the output that GnuPG\n sends on file descriptor 2 to other programs that use\n the '--status-fd 2' option (bsc#1096745)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 30, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2018-06-18T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : gpg2 (SUSE-SU-2018:1698-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12020"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:gpg2-debugsource", "p-cpe:/a:novell:suse_linux:gpg2-debuginfo", "p-cpe:/a:novell:suse_linux:gpg2"], "id": "SUSE_SU-2018-1698-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110595", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1698-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110595);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/10 13:51:48\");\n\n script_cve_id(\"CVE-2018-12020\");\n script_xref(name:\"IAVA\", value:\"2018-A-0193\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : gpg2 (SUSE-SU-2018:1698-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for gpg2 fixes the following security issue :\n\n - CVE-2018-12020: GnuPG mishandled the original filename\n during decryption and verification actions, which\n allowed remote attackers to spoof the output that GnuPG\n sends on file descriptor 2 to other programs that use\n the '--status-fd 2' option (bsc#1096745)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12020/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181698-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?10d59214\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2018-1141=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2018-1141=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2018-1141=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-1141=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-1141=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2018-1141=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2018-1141=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-1141=1\n\nSUSE Enterprise Storage 4:zypper in -t patch\nSUSE-Storage-4-2018-1141=1\n\nSUSE CaaS Platform ALL :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-1141=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gpg2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gpg2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gpg2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1|2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1/2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"gpg2-2.0.24-9.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"gpg2-debuginfo-2.0.24-9.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"gpg2-debugsource-2.0.24-9.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"gpg2-2.0.24-9.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"gpg2-debuginfo-2.0.24-9.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"gpg2-debugsource-2.0.24-9.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"gpg2-2.0.24-9.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"gpg2-debuginfo-2.0.24-9.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"gpg2-debugsource-2.0.24-9.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"gpg2-2.0.24-9.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"gpg2-debuginfo-2.0.24-9.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"gpg2-debugsource-2.0.24-9.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"gpg2-2.0.24-9.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"gpg2-debuginfo-2.0.24-9.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"gpg2-debugsource-2.0.24-9.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gpg2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-03-01T01:36:06", "description": "An update for gnupg2 is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and\ncreating digital signatures, compliant with OpenPGP and S/MIME\nstandards.\n\nSecurity Fix(es) :\n\n* gnupg2: Improper sanitization of filenames allows for the display of\nfake status messages and the bypass of signature verification\n(CVE-2018-12020)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.", "edition": 27, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2018-07-16T00:00:00", "title": "CentOS 7 : gnupg2 (CESA-2018:2181)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12020"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:centos:centos:gnupg2-smime", "p-cpe:/a:centos:centos:gnupg2", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2018-2181.NASL", "href": "https://www.tenable.com/plugins/nessus/111079", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:2181 and \n# CentOS Errata and Security Advisory 2018:2181 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111079);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2018-12020\");\n script_xref(name:\"RHSA\", value:\"2018:2181\");\n\n script_name(english:\"CentOS 7 : gnupg2 (CESA-2018:2181)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for gnupg2 is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and\ncreating digital signatures, compliant with OpenPGP and S/MIME\nstandards.\n\nSecurity Fix(es) :\n\n* gnupg2: Improper sanitization of filenames allows for the display of\nfake status messages and the bypass of signature verification\n(CVE-2018-12020)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2018-July/022963.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ae7e7a14\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnupg2 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-12020\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnupg2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnupg2-smime\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"gnupg2-2.0.22-5.el7_5\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"gnupg2-smime-2.0.22-5.el7_5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnupg2 / gnupg2-smime\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-03-01T05:45:04", "description": "An update for gnupg2 is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and\ncreating digital signatures, compliant with OpenPGP and S/MIME\nstandards.\n\nSecurity Fix(es) :\n\n* gnupg2: Improper sanitization of filenames allows for the display of\nfake status messages and the bypass of signature verification\n(CVE-2018-12020)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.", "edition": 28, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2018-07-12T00:00:00", "title": "RHEL 7 : gnupg2 (RHSA-2018:2181)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12020"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7.7", "cpe:/o:redhat:enterprise_linux:7.5", "p-cpe:/a:redhat:enterprise_linux:gnupg2-debuginfo", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.6", "p-cpe:/a:redhat:enterprise_linux:gnupg2-smime", "p-cpe:/a:redhat:enterprise_linux:gnupg2"], "id": "REDHAT-RHSA-2018-2181.NASL", "href": "https://www.tenable.com/plugins/nessus/111034", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:2181. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111034);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/10/24 15:35:45\");\n\n script_cve_id(\"CVE-2018-12020\");\n script_xref(name:\"RHSA\", value:\"2018:2181\");\n script_xref(name:\"IAVA\", value:\"2018-A-0193\");\n\n script_name(english:\"RHEL 7 : gnupg2 (RHSA-2018:2181)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for gnupg2 is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and\ncreating digital signatures, compliant with OpenPGP and S/MIME\nstandards.\n\nSecurity Fix(es) :\n\n* gnupg2: Improper sanitization of filenames allows for the display of\nfake status messages and the bypass of signature verification\n(CVE-2018-12020)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:2181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-12020\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected gnupg2, gnupg2-debuginfo and / or gnupg2-smime\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnupg2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnupg2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnupg2-smime\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:2181\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"gnupg2-2.0.22-5.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"gnupg2-2.0.22-5.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"gnupg2-debuginfo-2.0.22-5.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"gnupg2-debuginfo-2.0.22-5.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"gnupg2-smime-2.0.22-5.el7_5\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"gnupg2-smime-2.0.22-5.el7_5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnupg2 / gnupg2-debuginfo / gnupg2-smime\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-03-01T01:12:48", "description": "New gnupg packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, 14.2, and -current to fix a security issue.", "edition": 28, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2018-06-20T00:00:00", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : gnupg (SSA:2018-170-01)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12020"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:14.2", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:13.0", "p-cpe:/a:slackware:slackware_linux:gnupg", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:13.1"], "id": "SLACKWARE_SSA_2018-170-01.NASL", "href": "https://www.tenable.com/plugins/nessus/110619", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2018-170-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110619);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/05/07 12:34:16\");\n\n script_cve_id(\"CVE-2018-12020\");\n script_xref(name:\"SSA\", value:\"2018-170-01\");\n script_xref(name:\"IAVA\", value:\"2018-A-0193\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : gnupg (SSA:2018-170-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New gnupg packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, 14.2, and -current to fix a security issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.549260\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?46316c4d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gnupg package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:gnupg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/20\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"gnupg\", pkgver:\"1.4.23\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"gnupg\", pkgver:\"1.4.23\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"gnupg\", pkgver:\"1.4.23\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"gnupg\", pkgver:\"1.4.23\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"gnupg\", pkgver:\"1.4.23\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"gnupg\", pkgver:\"1.4.23\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"gnupg\", pkgver:\"1.4.23\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"gnupg\", pkgver:\"1.4.23\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"gnupg\", pkgver:\"1.4.23\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"gnupg\", pkgver:\"1.4.23\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"gnupg\", pkgver:\"1.4.23\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"gnupg\", pkgver:\"1.4.23\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"gnupg\", pkgver:\"1.4.23\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"gnupg\", pkgver:\"1.4.23\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-20T14:53:22", "description": "This update for gpg2 fixes the following issues :\n\n - CVE-2018-12020: GnuPG mishandled the original filename\n during decryption and verification actions, which\n allowed remote attackers to spoof the output that GnuPG\n sends on file descriptor 2 to other programs that use\n the '--status-fd 2' option (bsc#1096745)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2018-06-18T00:00:00", "title": "SUSE SLES11 Security Update : gpg2 (SUSE-SU-2018:1696-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12020"], "modified": "2018-06-18T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:gpg2-lang", "p-cpe:/a:novell:suse_linux:gpg2"], "id": "SUSE_SU-2018-1696-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110594", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:1696-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110594);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-12020\");\n script_xref(name:\"IAVA\", value:\"2018-A-0193\");\n\n script_name(english:\"SUSE SLES11 Security Update : gpg2 (SUSE-SU-2018:1696-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for gpg2 fixes the following issues :\n\n - CVE-2018-12020: GnuPG mishandled the original filename\n during decryption and verification actions, which\n allowed remote attackers to spoof the output that GnuPG\n sends on file descriptor 2 to other programs that use\n the '--status-fd 2' option (bsc#1096745)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12020/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20181696-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?04ba298d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-gpg2-13655=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-gpg2-13655=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-gpg2-13655=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-gpg2-13655=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-gpg2-13655=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gpg2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gpg2-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"gpg2-2.0.9-25.33.42.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"gpg2-lang-2.0.9-25.33.42.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"gpg2-2.0.9-25.33.42.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"gpg2-lang-2.0.9-25.33.42.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gpg2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-09-18T10:55:23", "description": "USN-3675-1 fixed a vulnerability in GnuPG 2 for Ubuntu 18.04 LTS and\nUbuntu 17.10. This update provides the corresponding update for GnuPG\n2 in Ubuntu 16.04 LTS and Ubuntu 14.04 LTS.\n\nMarcus Brinkmann discovered that during decryption or verification,\nGnuPG did not properly filter out terminal sequences when reporting\nthe original filename. An attacker could use this to specially craft a\nfile that would cause an application parsing GnuPG output to\nincorrectly interpret the status of the cryptographic operation\nreported by GnuPG.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2018-06-15T00:00:00", "title": "Ubuntu 14.04 LTS / 16.04 LTS : GnuPG 2 vulnerability (USN-3675-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12020"], "modified": "2018-06-15T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04", "p-cpe:/a:canonical:ubuntu_linux:gnupg2", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3675-2.NASL", "href": "https://www.tenable.com/plugins/nessus/110549", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3675-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110549);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2018-12020\");\n script_xref(name:\"USN\", value:\"3675-2\");\n script_xref(name:\"IAVA\", value:\"2018-A-0193\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS : GnuPG 2 vulnerability (USN-3675-2)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-3675-1 fixed a vulnerability in GnuPG 2 for Ubuntu 18.04 LTS and\nUbuntu 17.10. This update provides the corresponding update for GnuPG\n2 in Ubuntu 16.04 LTS and Ubuntu 14.04 LTS.\n\nMarcus Brinkmann discovered that during decryption or verification,\nGnuPG did not properly filter out terminal sequences when reporting\nthe original filename. An attacker could use this to specially craft a\nfile that would cause an application parsing GnuPG output to\nincorrectly interpret the status of the cryptographic operation\nreported by GnuPG.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3675-2/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected gnupg2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gnupg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/06/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"gnupg2\", pkgver:\"2.0.22-3ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"gnupg2\", pkgver:\"2.1.11-6ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnupg2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "amazon": [{"lastseen": "2020-11-10T12:35:00", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12020"], "description": "**Issue Overview:**\n\nA data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output. ([CVE-2018-12020 __](<https://access.redhat.com/security/cve/CVE-2018-12020>))\n\n \n**Affected Packages:** \n\n\ngnupg, gnupg2\n\n \n**Issue Correction:** \nRun _yum update gnupg_ to update your system. \nRun _yum update gnupg2_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n gnupg-1.4.19-1.29.amzn1.i686 \n gnupg-debuginfo-1.4.19-1.29.amzn1.i686 \n gnupg2-smime-2.0.28-2.32.amzn1.i686 \n gnupg2-debuginfo-2.0.28-2.32.amzn1.i686 \n gnupg2-2.0.28-2.32.amzn1.i686 \n \n src: \n gnupg-1.4.19-1.29.amzn1.src \n gnupg2-2.0.28-2.32.amzn1.src \n \n x86_64: \n gnupg-1.4.19-1.29.amzn1.x86_64 \n gnupg-debuginfo-1.4.19-1.29.amzn1.x86_64 \n gnupg2-smime-2.0.28-2.32.amzn1.x86_64 \n gnupg2-debuginfo-2.0.28-2.32.amzn1.x86_64 \n gnupg2-2.0.28-2.32.amzn1.x86_64 \n \n \n", "edition": 5, "modified": "2018-06-27T21:57:00", "published": "2018-06-27T21:57:00", "id": "ALAS-2018-1045", "href": "https://alas.aws.amazon.com/ALAS-2018-1045.html", "title": "Important: gnupg, gnupg2", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-11-10T12:37:35", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12020"], "description": "**Issue Overview:**\n\nA data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output.([CVE-2018-12020 __](<https://access.redhat.com/security/cve/CVE-2018-12020>))\n\n \n**Affected Packages:** \n\n\ngnupg2\n\n \n**Issue Correction:** \nRun _yum update gnupg2_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n gnupg2-2.0.22-5.amzn2.0.2.i686 \n gnupg2-smime-2.0.22-5.amzn2.0.2.i686 \n gnupg2-debuginfo-2.0.22-5.amzn2.0.2.i686 \n \n src: \n gnupg2-2.0.22-5.amzn2.0.2.src \n \n x86_64: \n gnupg2-2.0.22-5.amzn2.0.2.x86_64 \n gnupg2-smime-2.0.22-5.amzn2.0.2.x86_64 \n gnupg2-debuginfo-2.0.22-5.amzn2.0.2.x86_64 \n \n \n", "edition": 1, "modified": "2018-08-08T16:34:00", "published": "2018-08-08T16:34:00", "id": "ALAS2-2018-1045", "href": "https://alas.aws.amazon.com/AL2/ALAS-2018-1045.html", "title": "Important: gnupg2", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "ubuntu": [{"lastseen": "2020-07-02T11:40:17", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12020"], "description": "USN-3675-1 fixed a vulnerability in GnuPG. This update provides \nthe corresponding update for Ubuntu 12.04 ESM.\n\nOriginal advisory details:\n\nMarcus Brinkmann discovered that during decryption or verification, \nGnuPG did not properly filter out terminal sequences when reporting the \noriginal filename. An attacker could use this to specially craft a file \nthat would cause an application parsing GnuPG output to incorrectly \ninterpret the status of the cryptographic operation reported by GnuPG. \n(CVE-2018-12020)", "edition": 7, "modified": "2018-06-18T00:00:00", "published": "2018-06-18T00:00:00", "id": "USN-3675-3", "href": "https://ubuntu.com/security/notices/USN-3675-3", "title": "GnuPG vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-07-18T01:39:08", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12020"], "description": "USN-3675-1 fixed a vulnerability in GnuPG 2 for Ubuntu 18.04 LTS and \nUbuntu 17.10. This update provides the corresponding update for GnuPG 2 \nin Ubuntu 16.04 LTS and Ubuntu 14.04 LTS.\n\nOriginal advisory details:\n\nMarcus Brinkmann discovered that during decryption or verification, \nGnuPG did not properly filter out terminal sequences when reporting the \noriginal filename. An attacker could use this to specially craft a file \nthat would cause an application parsing GnuPG output to incorrectly \ninterpret the status of the cryptographic operation reported by GnuPG.", "edition": 7, "modified": "2018-06-15T00:00:00", "published": "2018-06-15T00:00:00", "id": "USN-3675-2", "href": "https://ubuntu.com/security/notices/USN-3675-2", "title": "GnuPG 2 vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-07-02T11:34:01", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12020", "CVE-2018-9234"], "description": "Marcus Brinkmann discovered that during decryption or verification, \nGnuPG did not properly filter out terminal sequences when reporting the \noriginal filename. An attacker could use this to specially craft a file \nthat would cause an application parsing GnuPG output to incorrectly \ninterpret the status of the cryptographic operation reported by GnuPG. \n(CVE-2018-12020)\n\nLance Vick discovered that GnuPG did not enforce configurations where \nkey certification required an offline master Certify key. An attacker \nwith access to a signing subkey could generate certifications that \nappeared to be valid. This issue only affected Ubuntu 18.04 LTS. \n(CVE-2018-9234)", "edition": 6, "modified": "2018-06-11T00:00:00", "published": "2018-06-11T00:00:00", "id": "USN-3675-1", "href": "https://ubuntu.com/security/notices/USN-3675-1", "title": "GnuPG vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-07-02T11:39:25", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12020", "CVE-2019-6690"], "description": "Marcus Brinkmann discovered that GnuPG before 2.2.8 improperly handled certain \ncommand line parameters. A remote attacker could use this to spoof the output of \nGnuPG and cause unsigned e-mail to appear signed. \n(CVE-2018-12020)\n\nIt was discovered that python-gnupg incorrectly handled the GPG passphrase. A \nremote attacker could send a specially crafted passphrase that would allow them \nto control the output of encryption and decryption operations. \n(CVE-2019-6690)", "edition": 3, "modified": "2019-05-02T00:00:00", "published": "2019-05-02T00:00:00", "id": "USN-3964-1", "href": "https://ubuntu.com/security/notices/USN-3964-1", "title": "python-gnupg vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "slackware": [{"lastseen": "2020-10-25T16:36:16", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12020"], "description": "New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\n14.2, and -current to fix a security issue.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/gnupg-1.4.23-i586-1_slack14.2.txz: Upgraded.\n Sanitize the diagnostic output of the original file name in verbose mode.\n By using a made up file name in the message it was possible to fake status\n messages. Using this technique it was for example possible to fake the\n verification status of a signed mail.\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12020\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/gnupg-1.4.23-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/gnupg-1.4.23-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/gnupg-1.4.23-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/gnupg-1.4.23-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/gnupg-1.4.23-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/gnupg-1.4.23-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/gnupg-1.4.23-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/gnupg-1.4.23-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/gnupg-1.4.23-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/gnupg-1.4.23-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/gnupg-1.4.23-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/gnupg-1.4.23-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/gnupg-1.4.23-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/gnupg-1.4.23-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 package:\ne3fd748746eebd7c73a37ee7b9a6fc8d gnupg-1.4.23-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n86b54ca9798d4165e8ebeb896111b6d4 gnupg-1.4.23-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\nc0e29f1d4533c0ca87af087d6499bf06 gnupg-1.4.23-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\nd82a4e0e70df7505ee5a1ae43310a02f gnupg-1.4.23-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\nd8ab207d74fefc379e4b1f0a100031c9 gnupg-1.4.23-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n0b118525aa8221af24a016dca610131e gnupg-1.4.23-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\ne3adf42872a9802e493e5b64308a63f8 gnupg-1.4.23-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\ne529dd67cf4b3f3d07d182a006a3a4d0 gnupg-1.4.23-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n9c357070da7b83d54ec78bcd6153634d gnupg-1.4.23-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n1bb034ddc21cabd485ea11b0a52ddc45 gnupg-1.4.23-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\ne1f3ce5a7792f1d5114016a4422e89d6 gnupg-1.4.23-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n03b9ee586771e16030060a0f19be78e1 gnupg-1.4.23-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n5fbae3f3c437309df772713b4d3f6550 n/gnupg-1.4.23-i586-1.txz\n\nSlackware x86_64 -current package:\nf0d9b825caf815938f60caf3a7839886 n/gnupg-1.4.23-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg gnupg-1.4.23-i586-1_slack14.2.txz", "modified": "2018-06-19T22:39:15", "published": "2018-06-19T22:39:15", "id": "SSA-2018-170-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.549260", "type": "slackware", "title": "[slackware-security] gnupg", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-10-25T16:36:17", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12020"], "description": "New gnupg2 packages are available for Slackware 13.37, 14.0, 14.1, 14.2, and\n- -current to fix a security issue.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/gnupg2-2.0.31-i586-1_slack14.2.txz: Upgraded.\n Sanitize the diagnostic output of the original file name in verbose mode.\n By using a made up file name in the message it was possible to fake status\n messages. Using this technique it was for example possible to fake the\n verification status of a signed mail.\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12020\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/gnupg2-2.0.31-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/gnupg2-2.0.31-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/gnupg2-2.0.31-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/gnupg2-2.0.31-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/gnupg2-2.0.31-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/gnupg2-2.0.31-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/gnupg2-2.0.31-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/gnupg2-2.0.31-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/gnupg2-2.2.8-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/gnupg2-2.2.8-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.37 package:\n65c32255acff00361bd24e5353554c80 gnupg2-2.0.31-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n7d03704928494b4c6b12d98c26de0a46 gnupg2-2.0.31-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\nd9f38f11df078182129e0059d49cf547 gnupg2-2.0.31-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nc32f666c0248264020f2a90e3510b1c2 gnupg2-2.0.31-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n54a17edf49c1fa17cb9be1c0213d37f9 gnupg2-2.0.31-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nfd5fd7da3a7cddc25a9b8beff8ed4bfc gnupg2-2.0.31-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n23ef6d14bbaf7c4d33dae51086a6396a gnupg2-2.0.31-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n12491aecdc47b0064974465969162a40 gnupg2-2.0.31-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n5822b4be4db3c8512f44d843655fd363 n/gnupg2-2.2.8-i586-1.txz\n\nSlackware x86_64 -current package:\n379d6ef97f9d801bd112ceaef2ce0706 n/gnupg2-2.2.8-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg gnupg2-2.0.31-i586-1_slack14.2.txz", "modified": "2018-06-08T20:37:18", "published": "2018-06-08T20:37:18", "id": "SSA-2018-159-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.472083", "type": "slackware", "title": "[slackware-security] gnupg2", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:41", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12020"], "description": "Arch Linux Security Advisory ASA-201806-8\n=========================================\n\nSeverity: High\nDate : 2018-06-11\nCVE-ID : CVE-2018-12020\nPackage : gnupg\nType : content spoofing\nRemote : Yes\nLink : https://security.archlinux.org/AVG-713\n\nSummary\n=======\n\nThe package gnupg before version 2.2.8-1 is vulnerable to content\nspoofing.\n\nResolution\n==========\n\nUpgrade to 2.2.8-1.\n\n# pacman -Syu \"gnupg>=2.2.8-1\"\n\nThe problem has been fixed upstream in version 2.2.8.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nA security issue has been found in gnupg before 2.2.8, leading to the\npossibility of faking verification status of signed content. The\nOpenPGP protocol allows to include the file name of the original input\nfile into a signed or encrypted message. During decryption and\nverification the GPG tool can display a notice with that file name. The\ndisplayed file name is not sanitized and as such may include line feeds\nor other control characters. This can be used inject terminal control\nsequences into the out and, worse, to fake the so-called status\nmessages. These status messages are parsed by programs to get\ninformation from gpg about the validity of a signature and an other\nparameters. Status messages are created with the option \"--status-fd N\"\nwhere N is a file descriptor. Now if N is 2 the status messages and the\nregular diagnostic messages share the stderr output channel. By using a\nmade up file name in the message it is possible to fake status\nmessages. Using this technique it is for example possible to fake the\nverification status of a signed mail.\n\nImpact\n======\n\nA remote attacker might be able to fake the verification status of a\nsigned e-mail or file, via a crafted file name.\n\nReferences\n==========\n\nhttps://bugs.archlinux.org/task/58931\nhttps://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html\nhttps://dev.gnupg.org/T4012\nhttps://dev.gnupg.org/rG210e402acd3e284b32db1901e43bf1470e659e49\nhttps://security.archlinux.org/CVE-2018-12020", "modified": "2018-06-11T00:00:00", "published": "2018-06-11T00:00:00", "id": "ASA-201806-8", "href": "https://security.archlinux.org/ASA-201806-8", "type": "archlinux", "title": "[ASA-201806-8] gnupg: content spoofing", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "debian": [{"lastseen": "2020-09-04T00:56:19", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12020"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4222-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJune 08, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : gnupg2\nCVE ID : CVE-2018-12020\n\nMarcus Brinkmann discovered that GnuGPG performed insufficient\nsanitisation of file names displayed in status messages, which could be\nabused to fake the verification status of a signed email.\n\nDetails can be found in the upstream advisory at\nhttps://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 2.0.26-6+deb8u2.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 2.1.18-8~deb9u2.\n\nWe recommend that you upgrade your gnupg2 packages.\n\nFor the detailed security status of gnupg2 please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/gnupg2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 14, "modified": "2018-06-08T21:51:57", "published": "2018-06-08T21:51:57", "id": "DEBIAN:DSA-4222-1:E134E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00151.html", "title": "[SECURITY] [DSA 4222-1] gnupg2 security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-08-12T01:02:26", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12020"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4223-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJune 08, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : gnupg1\nCVE ID : CVE-2018-12020\nDebian Bug : 901088\n\nMarcus Brinkmann discovered that GnuGPG performed insufficient\nsanitisation of file names displayed in status messages, which could be\nabused to fake the verification status of a signed email.\n\nDetails can be found in the upstream advisory at\nhttps://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 1.4.21-4+deb9u1.\n\nWe recommend that you upgrade your gnupg1 packages.\n\nFor the detailed security status of gnupg1 please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/gnupg1\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 10, "modified": "2018-06-08T21:51:59", "published": "2018-06-08T21:51:59", "id": "DEBIAN:DSA-4223-1:2BDEC", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00152.html", "title": "[SECURITY] [DSA 4223-1] gnupg1 security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-08-12T00:57:03", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12020"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4224-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJune 08, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : gnupg\nCVE ID : CVE-2018-12020\n\nMarcus Brinkmann discovered that GnuGPG performed insufficient\nsanitisation of file names displayed in status messages, which could be\nabused to fake the verification status of a signed email.\n\nDetails can be found in the upstream advisory at\nhttps://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 1.4.18-7+deb8u5.\n\nWe recommend that you upgrade your gnupg packages.\n\nFor the detailed security status of gnupg please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/gnupg\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2018-06-08T21:52:12", "published": "2018-06-08T21:52:12", "id": "DEBIAN:DSA-4224-1:F5240", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00153.html", "title": "[SECURITY] [DSA 4224-1] gnupg security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "thn": [{"lastseen": "2018-06-15T11:29:20", "bulletinFamily": "info", "cvelist": ["CVE-2018-12020"], "description": "[](<https://1.bp.blogspot.com/-RtGmUuuVevI/WyOGuzAPYfI/AAAAAAAAxFo/pzVV1GQXA-YRMpOsjrihKh3B0y2QfKi8gCLcBGAs/s728-e100/gnupg-email-signature-spoof.png>)\n\nA security researcher has discovered a critical vulnerability in some of the world's most popular and widely used email encryption clients that use OpenPGP standard and rely on GnuPG for encrypting and digitally signing messages. \n \nThe disclosure comes almost a month after researchers revealed a series of flaws, dubbed **[eFail](<https://thehackernews.com/2018/05/pgp-smime-email-encryption.html>)**, in PGP and S/Mime encryption tools that could allow attackers to [reveal encrypted emails in plaintext](<https://thehackernews.com/2018/05/efail-pgp-email-encryption.html>), affecting a variety of email programs, including Thunderbird, Apple Mail, and Outlook. \n \nSoftware developer Marcus Brinkmann [discovered](<https://neopg.io/blog/gpg-signature-spoof/#proof-of-concept-ii-signature-and-encryption-spoof-enigmail>) that an input sanitization vulnerability, which he dubbed **SigSpoof**, makes it possible for attackers to fake digital signatures with someone's public key or key ID, without requiring any of the private or public keys involved. \n\n\n \nThe vulnerability, tracked as [CVE-2018-12020](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12020>), affects popular email applications including GnuPG, Enigmail, GPGTools and python-gnupg, and have now been patched in their latest available software updates. \n \nAs explained by the researcher, the OpenPGP protocol allows to include the \"filename\" parameter of the original input file into the signed or encrypted messages, combining it with the GnuPG status messages (including signature information) in a single data pipe (literal data packets) by adding a predefined keyword to separate them. \n\n\n> \"These status messages are parsed by programs to get information from gpg about the validity of a signature and other parameters,\" GnuPG maintainer Werner Koch said in an advisory [published](<https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html>) today.\n\nDuring the decryption of the message at recipient's end, the client application splits up the information using that keyword and displays the message with a valid signature, if the user has the verbose option enabled in their gpg.conf file. \n\n\n[](<https://1.bp.blogspot.com/-PnjRXuc4c14/WyOF44GOpAI/AAAAAAAAxFg/zAQQ3EoK5Pc3BEDOTagCq5BtbcW8b75HwCLcBGAs/s728-e100/gpg-email-encryption-hack.png>)\n\nHowever, the researcher finds that the included file name, which can be up to 255 characters, does not properly get sanitized by the affected tools, potentially allowing an attacker to \"include line feeds or other control characters in it.\" \n \nBrinkmann demonstrates how this loophole can be used to inject arbitrary (fake) GnuPG status messages into the application parser in an attempt to spoof signature verification and message decryption results. \n\n\n \n\n\n> \"The attack is very powerful, and the message does not even need to be encrypted at all. A single literal data (aka 'plaintext') packet is a perfectly valid OpenPGP message, and already contains the 'name of the encrypted file' used in the attack, even though there is no encryption,\" Brinkmann says.\n\nThe researcher also believes that the flaw has the potential to affect \"a large part of our core infrastructure\" that went well beyond encrypted email, since \"GnuPG is not only used for email security but also to secure backups, software updates in distributions, and source code in version control systems like Git.\" \n \nBrinkmann also shared three proofs-of-concept showing how signatures can be spoofed in Enigmail and GPGTools, how the signature and encryption can be spoofed in Enigmail, as well as how a signature can be spoofed on the command line. \n \nSince maintainers of three popular email clients have patched the issue, users are advised to upgrade their software to the latest versions. \n\n\n * Upgrade to [GnuPG 2.2.8](<https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html>) or GnuPG 1.4.23\n * Upgrade to [Enigmail 2.0.7](<https://sourceforge.net/p/enigmail/forum/announce/thread/b948279f/>)\n * Upgrade to [GPGTools 2018.3](<https://gpgtools.org/>)\nIf you are a developer, you are recommended to add --no-verbose\" to all invocations of GPG and upgrade to [python-gnupg 0.4.3](<https://groups.google.com/forum/#!topic/python-gnupg/2yAlj_F2S1g>). \n \nApplications using GPGME as the crypto engine are safe. Also, GnuPG with --status-fd compilation flag set and --verbose flag not set are safe.\n", "modified": "2018-06-15T09:52:36", "published": "2018-06-15T09:52:00", "id": "THN:7AF4F467FCD2B758CD46FDBECE48E35F", "href": "https://thehackernews.com/2018/06/gnupg-encryption-signature.html", "type": "thn", "title": "GnuPG Flaw in Encryption Tools Lets Attackers Spoof Anyone's Signature", "cvss": {"score": 0.0, "vector": "NONE"}}], "suse": [{"lastseen": "2018-06-16T17:08:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12020"], "description": "This update for python-python-gnupg to version 0.4.3 fixes the following\n issues:\n\n The following security vulnerabilities were addressed:\n\n - Sanitize diagnostic output of the original file name in verbose mode\n (CVE-2018-12020 boo#1096745)\n\n The following other changes were made:\n\n - Add --no-verbose to the gpg command line, in case verbose is specified\n is gpg.conf.\n - Add expect_passphrase password for use on GnuPG >= 2.1 when passing\n passphrase to gpg via pinentry\n - Provide a trust_keys method to allow setting the trust level for keys\n - When the gpg executable is not found, note the path used in the\n exception message\n - Make error messages more informational\n\n", "edition": 1, "modified": "2018-06-16T15:12:27", "published": "2018-06-16T15:12:27", "id": "OPENSUSE-SU-2018:1722-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-06/msg00033.html", "title": "Security update for python-python-gnupg (moderate)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-06-16T17:08:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12020"], "description": "This update for gpg2 fixes the following security issue:\n\n - CVE-2018-12020: GnuPG mishandled the original filename during decryption\n and verification actions, which allowed remote attackers to spoof the\n output that GnuPG sends on file descriptor 2 to other programs that use\n the "--status-fd 2"\n option (bsc#1096745)\n\n", "edition": 1, "modified": "2018-06-16T15:13:42", "published": "2018-06-16T15:13:42", "id": "OPENSUSE-SU-2018:1724-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-06/msg00034.html", "title": "Security update for gpg2 (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-06-15T23:06:10", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12020", "CVE-2018-12019"], "description": "This update for enigmail fixes vulnerabilities that allowed spoofing of\n e-mail signatures:\n\n - CVE-2018-12019: signature spoofing via specially crafted OpenPGP user\n IDs (boo#1097525)\n - CVE-2018-12020: signature spoofing via diagnostic output of the original\n file name in GnuPG verbose mode (boo#1096745) This mitigation prevents\n CVE-2018-12020 from being exploited even if GnuPG is not patched.\n\n", "edition": 1, "modified": "2018-06-15T21:12:53", "published": "2018-06-15T21:12:53", "id": "OPENSUSE-SU-2018:1708-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-06/msg00028.html", "title": "Security update for enigmail (moderate)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:47", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12020"], "description": "[2.0.22-5]\n- fix CVE-2018-12020 - missing sanitization of original filename", "edition": 6, "modified": "2018-07-11T00:00:00", "published": "2018-07-11T00:00:00", "id": "ELSA-2018-2181", "href": "http://linux.oracle.com/errata/ELSA-2018-2181.html", "title": "gnupg2 security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:38:46", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12020"], "description": "[2.0.14-9]\n- fix CVE-2018-12020 - missing sanitization of original filename", "edition": 5, "modified": "2018-07-11T00:00:00", "published": "2018-07-11T00:00:00", "id": "ELSA-2018-2180", "href": "http://linux.oracle.com/errata/ELSA-2018-2180.html", "title": "gnupg2 security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:45:08", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12020"], "description": "The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards.\n\nSecurity Fix(es):\n\n* gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2018-08-17T00:53:56", "published": "2018-07-11T23:49:05", "id": "RHSA-2018:2180", "href": "https://access.redhat.com/errata/RHSA-2018:2180", "type": "redhat", "title": "(RHSA-2018:2180) Important: gnupg2 security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-08-13T18:47:00", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12020"], "description": "The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards.\n\nSecurity Fix(es):\n\n* gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2018-07-12T00:05:14", "published": "2018-07-11T23:49:36", "id": "RHSA-2018:2181", "href": "https://access.redhat.com/errata/RHSA-2018:2181", "type": "redhat", "title": "(RHSA-2018:2181) Important: gnupg2 security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12020"], "description": "This is a library that defines common error values for all GnuPG components. Among these are GPG, GPGSM, GPGME, GPG-Agent, libgcrypt, pinentry, SmartCard Daemon and possibly more in the future. ", "modified": "2018-06-18T15:17:56", "published": "2018-06-18T15:17:56", "id": "FEDORA:2DDF66042B0E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: libgpg-error-1.31-1.fc27", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12020"], "description": "GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as described by several RFCs. GnuPG 2.0 is a newer version of GnuPG with additional support for S/MIME. It has a different design philosophy that splits functionality up into several modules. The S/MIME and smartcard functionali ty is provided by the gnupg2-smime package. ", "modified": "2018-06-18T15:17:55", "published": "2018-06-18T15:17:55", "id": "FEDORA:D57626042B0A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: gnupg2-2.2.8-1.fc27", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12020"], "description": "GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as described by several RFCs. GnuPG 2.0 is a newer version of GnuPG with additional support for S/MIME. It has a different design philosophy that splits functionality up into several modules. The S/MIME and smartcard functionali ty is provided by the gnupg2-smime package. ", "modified": "2018-06-18T16:20:35", "published": "2018-06-18T16:20:35", "id": "FEDORA:F13E1604948D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: gnupg2-2.2.8-1.fc28", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12020"], "description": "This is a library that defines common error values for all GnuPG components. Among these are GPG, GPGSM, GPGME, GPG-Agent, libgcrypt, pinentry, SmartCard Daemon and possibly more in the future. ", "modified": "2018-06-18T16:20:36", "published": "2018-06-18T16:20:36", "id": "FEDORA:AC0B8604948D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: libgpg-error-1.31-1.fc28", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12020"], "description": "GnuPG (GNU Privacy Guard) is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with any version of PGP2 (PGP2.x uses only IDEA for symmetric-key encryption, which is patented worldwide). ", "modified": "2018-06-20T01:57:46", "published": "2018-06-20T01:57:46", "id": "FEDORA:0210D601DA49", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: gnupg-1.4.23-1.fc28", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12020"], "description": "GnuPG (GNU Privacy Guard) is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with any version of PGP2 (PGP2.x uses only IDEA for symmetric-key encryption, which is patented worldwide). ", "modified": "2018-06-15T15:52:31", "published": "2018-06-15T15:52:31", "id": "FEDORA:4674E60F757C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: gnupg-1.4.22-7.fc28", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12020"], "description": "GnuPG (GNU Privacy Guard) is a GNU utility for encrypting data and creating digital signatures. GnuPG has advanced key management capabilities and is compliant with the proposed OpenPGP Internet standard described in RFC2440. Since GnuPG doesn't use any patented algorithm, it is not compatible with any version of PGP2 (PGP2.x uses only IDEA for symmetric-key encryption, which is patented worldwide). ", "modified": "2018-07-05T15:18:46", "published": "2018-07-05T15:18:46", "id": "FEDORA:420A76030B23", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: gnupg-1.4.23-1.fc27", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "centos": [{"lastseen": "2020-12-08T03:35:49", "bulletinFamily": "unix", "cvelist": ["CVE-2018-12020"], "description": "**CentOS Errata and Security Advisory** CESA-2018:2181\n\n\nThe GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards.\n\nSecurity Fix(es):\n\n* gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2018-July/035001.html\n\n**Affected packages:**\ngnupg2\ngnupg2-smime\n\n**Upstream details at:**\n", "edition": 5, "modified": "2018-07-13T16:27:56", "published": "2018-07-13T16:27:56", "id": "CESA-2018:2181", "href": "http://lists.centos.org/pipermail/centos-announce/2018-July/035001.html", "title": "gnupg2 security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:33:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12020"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-07-06T00:00:00", "id": "OPENVAS:1361412562310874775", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874775", "type": "openvas", "title": "Fedora Update for gnupg FEDORA-2018-69780fc4d7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_69780fc4d7_gnupg_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for gnupg FEDORA-2018-69780fc4d7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874775\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-06 06:04:36 +0200 (Fri, 06 Jul 2018)\");\n script_cve_id(\"CVE-2018-12020\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for gnupg FEDORA-2018-69780fc4d7\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gnupg'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"gnupg on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-69780fc4d7\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QC7Y72LI3TU6QVG6T2YZRHTXTP4TGTA2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnupg\", rpm:\"gnupg~1.4.23~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-01-27T18:33:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12020"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191457", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191457", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2019-1457)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1457\");\n script_version(\"2020-01-23T11:48:02+0000\");\n script_cve_id(\"CVE-2018-12020\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:48:02 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:48:02 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2019-1457)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1457\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1457\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'gnupg2' package(s) announced via the EulerOS-SA-2019-1457 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output.(CVE-2018-12020)\");\n\n script_tag(name:\"affected\", value:\"'gnupg2' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"gnupg2\", rpm:\"gnupg2~2.0.22~5\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:33:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12020"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-06-19T00:00:00", "id": "OPENVAS:1361412562310874702", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874702", "type": "openvas", "title": "Fedora Update for libgpg-error FEDORA-2018-84fdbd021f", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_84fdbd021f_libgpg-error_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for libgpg-error FEDORA-2018-84fdbd021f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874702\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-19 06:13:47 +0200 (Tue, 19 Jun 2018)\");\n script_cve_id(\"CVE-2018-12020\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libgpg-error FEDORA-2018-84fdbd021f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libgpg-error'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libgpg-error on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-84fdbd021f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AREETAKQ4V4YJ6UAAMG3IYUVHYHSSS2I\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"libgpg-error\", rpm:\"libgpg-error~1.31~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-07-04T18:56:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12020"], "description": "Marcus Brinkmann discovered that GnuPG performed insufficient\nsanitisation of file names displayed in status messages, which could be\nabused to fake the verification status of a signed email.", "modified": "2019-07-04T00:00:00", "published": "2018-06-08T00:00:00", "id": "OPENVAS:1361412562310704224", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704224", "type": "openvas", "title": "Debian Security Advisory DSA 4224-1 (gnupg - security update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4224-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704224\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-12020\");\n script_name(\"Debian Security Advisory DSA 4224-1 (gnupg - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 00:00:00 +0200 (Fri, 08 Jun 2018)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4224.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"gnupg on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), this problem has been fixed\nin version 1.4.18-7+deb8u5.\n\nWe recommend that you upgrade your gnupg packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/gnupg\");\n script_tag(name:\"summary\", value:\"Marcus Brinkmann discovered that GnuPG performed insufficient\nsanitisation of file names displayed in status messages, which could be\nabused to fake the verification status of a signed email.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"gnupg\", ver:\"1.4.18-7+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"gnupg-curl\", ver:\"1.4.18-7+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"gpgv\", ver:\"1.4.18-7+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"gpgv-win32\", ver:\"1.4.18-7+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-01-27T18:33:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12020"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181221", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181221", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2018-1221)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1221\");\n script_version(\"2020-01-23T11:17:55+0000\");\n script_cve_id(\"CVE-2018-12020\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:17:55 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:17:55 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2018-1221)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1221\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1221\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'gnupg2' package(s) announced via the EulerOS-SA-2018-1221 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output. (CVE-2018-12020)\");\n\n script_tag(name:\"affected\", value:\"'gnupg2' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"gnupg2\", rpm:\"gnupg2~2.0.22~5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-01-27T18:37:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12020"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181324", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181324", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2018-1324)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1324\");\n script_version(\"2020-01-23T11:21:46+0000\");\n script_cve_id(\"CVE-2018-12020\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:21:46 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:21:46 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2018-1324)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1324\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1324\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'gnupg2' package(s) announced via the EulerOS-SA-2018-1324 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output. (CVE-2018-12020)\");\n\n script_tag(name:\"affected\", value:\"'gnupg2' package(s) on Huawei EulerOS Virtualization 2.5.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"gnupg2\", rpm:\"gnupg2~2.0.22~3.h1\", rls:\"EULEROSVIRT-2.5.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-01-27T18:39:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12020"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181223", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181223", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2018-1223)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1223\");\n script_version(\"2020-01-23T11:18:00+0000\");\n script_cve_id(\"CVE-2018-12020\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:18:00 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:18:00 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2018-1223)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1223\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1223\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'gnupg2' package(s) announced via the EulerOS-SA-2018-1223 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output. (CVE-2018-12020)\");\n\n script_tag(name:\"affected\", value:\"'gnupg2' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"gnupg2\", rpm:\"gnupg2~2.0.22~5\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:33:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12020"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-06-19T00:00:00", "id": "OPENVAS:1361412562310874705", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874705", "type": "openvas", "title": "Fedora Update for gnupg2 FEDORA-2018-84fdbd021f", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_84fdbd021f_gnupg2_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for gnupg2 FEDORA-2018-84fdbd021f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874705\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-19 06:13:58 +0200 (Tue, 19 Jun 2018)\");\n script_cve_id(\"CVE-2018-12020\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for gnupg2 FEDORA-2018-84fdbd021f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gnupg2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"gnupg2 on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-84fdbd021f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FB7457TYYCRMH76H5FTYMXXPGC547AD6\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnupg2\", rpm:\"gnupg2~2.2.8~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-01-27T18:33:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12020"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181333", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181333", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2018-1333)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1333\");\n script_version(\"2020-01-23T11:22:02+0000\");\n script_cve_id(\"CVE-2018-12020\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:22:02 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:22:02 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2018-1333)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1333\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1333\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'gnupg2' package(s) announced via the EulerOS-SA-2018-1333 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output. (CVE-2018-12020)\");\n\n script_tag(name:\"affected\", value:\"'gnupg2' package(s) on Huawei EulerOS Virtualization 2.5.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"gnupg2\", rpm:\"gnupg2~2.0.22~3.h1\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:32:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-12020"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-06-19T00:00:00", "id": "OPENVAS:1361412562310874700", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874700", "type": "openvas", "title": "Fedora Update for libgpg-error FEDORA-2018-3dc16842e2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_3dc16842e2_libgpg-error_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for libgpg-error FEDORA-2018-3dc16842e2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874700\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-19 06:13:33 +0200 (Tue, 19 Jun 2018)\");\n script_cve_id(\"CVE-2018-12020\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for libgpg-error FEDORA-2018-3dc16842e2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libgpg-error'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"libgpg-error on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-3dc16842e2\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVLFADU5FRH4NHJXAFXEQELHAQ4L4BCQ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"libgpg-error\", rpm:\"libgpg-error~1.31~1.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}]}
