First published: Mon Jun 18 2018(Updated: )
USN-3675-1 fixed a vulnerability in GnuPG. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the status of the cryptographic operation reported by GnuPG. (CVE-2018-12020)
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/gnupg | <1.4.11-3ubuntu2.11 | 1.4.11-3ubuntu2.11 |
=12.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this GnuPG vulnerability is USN-3675-3.
The GnuPG vulnerability affects GnuPG version 1.4.11-3ubuntu2.11 on Ubuntu 12.04.
The severity of the GnuPG vulnerability (USN-3675-3) is not specified in the provided information. Please refer to the official references for more details.
To fix the GnuPG vulnerability (USN-3675-3), update GnuPG to version 1.4.11-3ubuntu2.11 or later.
You can find more information about the GnuPG vulnerability (USN-3675-3) in the provided references: [CVE-2018-12020](https://ubuntu.com/security/CVE-2018-12020), [USN-3675-2](https://ubuntu.com/security/notices/USN-3675-2), [USN-3675-1](https://ubuntu.com/security/notices/USN-3675-1).