CVSS2: 5 Medium
Attack Vector: NETWORK | Attack Complexity: LOW | Authentication: NONE
Confidentiality Impact: NONE | Integrity Impact: PARTIAL | Availability Impact: NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS3: 7.5 High
Attack Vector: NETWORK | Attack Complexity: LOW | Privileges Required: NONE | User Interaction: NONE | Scope: UNCHANGED
Confidentiality Impact: NONE | Integrity Impact: HIGH | Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS: 0.004 Low (Percentile: 74.5%)
Issue Overview:
A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output. (CVE-2018-12020)
Affected Packages:
gnupg, gnupg2
Issue Correction:
Run yum update gnupg to update your system.
Run yum update gnupg2 to update your system.
New Packages:
i686:
gnupg-1.4.19-1.29.amzn1.i686
gnupg-debuginfo-1.4.19-1.29.amzn1.i686
gnupg2-smime-2.0.28-2.32.amzn1.i686
gnupg2-debuginfo-2.0.28-2.32.amzn1.i686
gnupg2-2.0.28-2.32.amzn1.i686
src:
gnupg-1.4.19-1.29.amzn1.src
gnupg2-2.0.28-2.32.amzn1.src
x86_64:
gnupg-1.4.19-1.29.amzn1.x86_64
gnupg-debuginfo-1.4.19-1.29.amzn1.x86_64
gnupg2-smime-2.0.28-2.32.amzn1.x86_64
gnupg2-debuginfo-2.0.28-2.32.amzn1.x86_64
gnupg2-2.0.28-2.32.amzn1.x86_64
Red Hat: CVE-2018-12020
Mitre: CVE-2018-12020
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | gnupg | < 1.4.19-1.29.amzn1 | gnupg-1.4.19-1.29.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | gnupg-debuginfo | < 1.4.19-1.29.amzn1 | gnupg-debuginfo-1.4.19-1.29.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | gnupg2-smime | < 2.0.28-2.32.amzn1 | gnupg2-smime-2.0.28-2.32.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | gnupg2-debuginfo | < 2.0.28-2.32.amzn1 | gnupg2-debuginfo-2.0.28-2.32.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | gnupg2 | < 2.0.28-2.32.amzn1 | gnupg2-2.0.28-2.32.amzn1.i686.rpm |
Amazon Linux | 1 | x86_64 | gnupg | < 1.4.19-1.29.amzn1 | gnupg-1.4.19-1.29.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | gnupg-debuginfo | < 1.4.19-1.29.amzn1 | gnupg-debuginfo-1.4.19-1.29.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | gnupg2-smime | < 2.0.28-2.32.amzn1 | gnupg2-smime-2.0.28-2.32.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | gnupg2-debuginfo | < 2.0.28-2.32.amzn1 | gnupg2-debuginfo-2.0.28-2.32.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | gnupg2 | < 2.0.28-2.32.amzn1 | gnupg2-2.0.28-2.32.amzn1.x86_64.rpm |
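To confirm a host is past the affected ranges in the table above, the following added example (not part of the advisory) compares an RPM inventory against the fixed builds using a simplified RPM version comparison. The inventory lines are constructed, the function names are hypothetical, and the comparison assumes no epoch and no `~` or `^` in the version strings.

```python
import re

# Fixed builds listed in this advisory (Amazon Linux 1).
FIXED = {
    "gnupg": "1.4.19-1.29.amzn1",
    "gnupg-debuginfo": "1.4.19-1.29.amzn1",
    "gnupg2": "2.0.28-2.32.amzn1",
    "gnupg2-smime": "2.0.28-2.32.amzn1",
    "gnupg2-debuginfo": "2.0.28-2.32.amzn1",
}

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE_INVENTORY = """\
gnupg 1.4.19-1.28.amzn1
gnupg2 2.0.28-2.32.amzn1
gnupg2-smime 2.0.28-1.30.amzn1
bash 4.2.46-28.37.amzn1
"""

def rpmvercmp(a, b):
    """Segment-wise compare in the style of RPM: -1, 0 or 1 (no ~ or ^ support)."""
    ta = re.findall(r"[0-9]+|[A-Za-z]+", a)  # separators such as '.' are ignored
    tb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(ta, tb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)            # numeric compare, leading zeros dropped
        if x != y:
            return 1 if x > y else -1
    return (len(ta) > len(tb)) - (len(ta) < len(tb))  # extra segments are newer

def evr_cmp(a, b):
    """Compare VERSION-RELEASE strings: version first, then release."""
    va, _, ra = a.rpartition("-")
    vb, _, rb = b.rpartition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def needs_update(inventory):
    """Return the advisory's packages whose installed build predates the fix."""
    stale = []
    for line in inventory.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in FIXED:
            if evr_cmp(parts[1], FIXED[parts[0]]) < 0:
                stale.append(parts[0])
    return stale

if __name__ == "__main__":
    print(needs_update(SAMPLE_INVENTORY))
```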