Slackware Local Security Checks : Slackware: Security Advisory (SSA:2018-170-01)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.13.2018.170.01

Categoría: Slackware Local Security Checks

Título: Slackware: Security Advisory (SSA:2018-170-01)

Resumen: The remote host is missing an update for the 'gnupg' package(s) announced via the SSA:2018-170-01 advisory.

Descripción: Summary:
The remote host is missing an update for the 'gnupg' package(s) announced via the SSA:2018-170-01 advisory.

Vulnerability Insight:
New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/gnupg-1.4.23-i586-1_slack14.2.txz: Upgraded.
Sanitize the diagnostic output of the original file name in verbose mode.
By using a made up file name in the message it was possible to fake status
messages. Using this technique it was for example possible to fake the
verification status of a signed mail.
For more information, see:
[link moved to references]
(* Security fix *)
+--------------------------+

Affected Software/OS:
'gnupg' package(s) on Slackware 13.0, Slackware 13.1, Slackware 13.37, Slackware 14.0, Slackware 14.1, Slackware 14.2, Slackware current.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2018-12020
BugTraq ID: 104450
http://www.securityfocus.com/bid/104450
Debian Security Information: DSA-4222 (Google Search)
https://www.debian.org/security/2018/dsa-4222
Debian Security Information: DSA-4223 (Google Search)
https://www.debian.org/security/2018/dsa-4223
Debian Security Information: DSA-4224 (Google Search)
https://www.debian.org/security/2018/dsa-4224
http://seclists.org/fulldisclosure/2019/Apr/38
http://openwall.com/lists/oss-security/2018/06/08/2
http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html
https://dev.gnupg.org/T4012
https://github.com/RUB-NDS/Johnny-You-Are-Fired
https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf
https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html
https://lists.debian.org/debian-lts-announce/2021/12/msg00027.html
http://www.openwall.com/lists/oss-security/2019/04/30/4
RedHat Security Advisories: RHSA-2018:2180
https://access.redhat.com/errata/RHSA-2018:2180
RedHat Security Advisories: RHSA-2018:2181
https://access.redhat.com/errata/RHSA-2018:2181
http://www.securitytracker.com/id/1041051
https://usn.ubuntu.com/3675-1/
https://usn.ubuntu.com/3675-2/
https://usn.ubuntu.com/3675-3/
https://usn.ubuntu.com/3964-1/

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.13.2018.170.01
Categoría:	Slackware Local Security Checks
Título:	Slackware: Security Advisory (SSA:2018-170-01)
Resumen:	The remote host is missing an update for the 'gnupg' package(s) announced via the SSA:2018-170-01 advisory.
Descripción:	Summary: The remote host is missing an update for the 'gnupg' package(s) announced via the SSA:2018-170-01 advisory. Vulnerability Insight: New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/gnupg-1.4.23-i586-1_slack14.2.txz: Upgraded. Sanitize the diagnostic output of the original file name in verbose mode. By using a made up file name in the message it was possible to fake status messages. Using this technique it was for example possible to fake the verification status of a signed mail. For more information, see: [link moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'gnupg' package(s) on Slackware 13.0, Slackware 13.1, Slackware 13.37, Slackware 14.0, Slackware 14.1, Slackware 14.2, Slackware current. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-12020 BugTraq ID: 104450 http://www.securityfocus.com/bid/104450 Debian Security Information: DSA-4222 (Google Search) https://www.debian.org/security/2018/dsa-4222 Debian Security Information: DSA-4223 (Google Search) https://www.debian.org/security/2018/dsa-4223 Debian Security Information: DSA-4224 (Google Search) https://www.debian.org/security/2018/dsa-4224 http://seclists.org/fulldisclosure/2019/Apr/38 http://openwall.com/lists/oss-security/2018/06/08/2 http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html https://dev.gnupg.org/T4012 https://github.com/RUB-NDS/Johnny-You-Are-Fired https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html https://lists.debian.org/debian-lts-announce/2021/12/msg00027.html http://www.openwall.com/lists/oss-security/2019/04/30/4 RedHat Security Advisories: RHSA-2018:2180 https://access.redhat.com/errata/RHSA-2018:2180 RedHat Security Advisories: RHSA-2018:2181 https://access.redhat.com/errata/RHSA-2018:2181 http://www.securitytracker.com/id/1041051 https://usn.ubuntu.com/3675-1/ https://usn.ubuntu.com/3675-2/ https://usn.ubuntu.com/3675-3/ https://usn.ubuntu.com/3964-1/
Copyright	Copyright (C) 2022 Greenbone AG