22 matches found
Ubuntu: Security Advisory (USN-4839-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-2862-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2862-1] python-gnupg security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-2862-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta December 29, 2021 https://wiki.debian.org/LTS -...
USN-4839-1: python-gnupg vulnerabilities
Marcus Brinkmann discovered that python-gnupg improperly handled certain command line parameters. A remote attacker could use this to spoof the output of python-gnupg and cause unsigned e-mail to appear signed. CVE-2018-12020 It was discovered that python-gnupg incorrectly handled the GPG...
Fedora 31 : python-gnupg (2020-e67d007a67)
New python-gnupg version Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network Securit...
Fedora 32 : python-gnupg (2020-17fb3273b2)
New python-gnupg version Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network Securit...
Ubuntu: Security Advisory (USN-3964-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 18.04 LTS : python-gnupg vulnerabilities (USN-3964-1)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3964-1 advisory. Marcus Brinkmann discovered that GnuPG before 2.2.8 improperly handled certain command line parameters. A remote attacker could use this to spoof the...
entweet (=2.0.0), irrd (=4.0.0rc1) +1 more potentially affected by CVE-2019-6690 via python-gnupg (>=0.3.9 <=0.4.3)
python-gnupg PYPI version =0.3.9, =0.16.8, =0.21.0 Source cves: CVE-2019-6690 Source advisory: OSV:GHSA-2FCH-JVG5-CRF6...
CVE-2019-6690
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting...
CVE-2019-6690
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting...
entweet (=2.0.0), irrd (=4.0.0rc1) +1 more potentially affected by CVE-2019-6690 via python-gnupg (>=0.3.9 <=0.4.3)
python-gnupg PYPI version =0.3.9, =0.16.8, =0.21.0 Source cves: CVE-2019-6690 Source advisory: OSV:PYSEC-2019-115...
UBUNTU-CVE-2019-6690
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting...
CVE-2019-6690
CVE-2019-6690 affects python-gnupg 0.4.3. A context-dependent flaw lets an attacker, if they control the GnuPG passphrase and the ciphertext is trusted, cause decryption of ciphertext other than intended (CWE-20: Improper Input Validation). Impact described in sources includes manipulation of enc...
Updated python-gnupg packages fix security vulnerability
When symmetric encryption is used, data can be injected through the passphrase property of the gnupg.GPG.encrypt and gnupg.GPG.decrypt methods. The supplied passphrase is not validated for newlines, and the library passes --passphrase-fd=0 to the gpg executable, which expects the passphrase on th...
MGASA-2019-0105 Updated python-gnupg packages fix security vulnerability
When symmetric encryption is used, data can be injected through the passphrase property of the gnupg.GPG.encrypt and gnupg.GPG.decrypt methods. The supplied passphrase is not validated for newlines, and the library passes --passphrase-fd=0 to the gpg executable, which expects the passphrase on th...
OPENSUSE-SU-2019:0239-1 Security update for python-python-gnupg
This update for python-python-gnupg to version 0.4.4 fixes the following issues: Security issue fixed: - CVE-2019-6690: Added a check to disallow certain control characters '\r', '\n', NUL in passphrases boo1123498. This update was imported from the openSUSE:Leap:15.0:Update update project...
[SECURITY] [DLA 1675-1] python-gnupg security update
Package : python-gnupg Version : 0.3.6-1+deb8u1 CVE ID : CVE-2019-6690 Alexander Kjäll and Stig Palmquist discovered a vulnerability in python-gnupg, a wrapper around GNU Privacy Guard. It was possible to inject data through the passphrase property of the gnupg.GPG.encrypt and gnupg.GPG.decrypt...
openSUSE: Security Advisory for python-python-gnupg (openSUSE-SU-2019:0143-1)
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : python-python-gnupg (openSUSE-2019-143)
This update for python-python-gnupg to version 0.4.4 fixes the following issues : Security issue fixed : - CVE-2019-6690: Added a check to disallow certain control characters '\r', '\n', NUL in passphrases boo1123498. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...