Test ID:	1.3.6.1.4.1.25623.1.1.12.2021.4839.1
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-4839-1)
Summary:	The remote host is missing an update for the 'python-gnupg' package(s) announced via the USN-4839-1 advisory.
Description:	Summary: The remote host is missing an update for the 'python-gnupg' package(s) announced via the USN-4839-1 advisory. Vulnerability Insight: Marcus Brinkmann discovered that python-gnupg improperly handled certain command line parameters. A remote attacker could use this to spoof the output of python-gnupg and cause unsigned e-mail to appear signed. (CVE-2018-12020) It was discovered that python-gnupg incorrectly handled the GPG passphrase. A remote attacker could send a specially crafted passphrase that would allow them to control the output of encryption and decryption operations. (CVE-2019-6690) Affected Software/OS: 'python-gnupg' package(s) on Ubuntu 14.04, Ubuntu 16.04. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-12020 BugTraq ID: 104450 http://www.securityfocus.com/bid/104450 Debian Security Information: DSA-4222 (Google Search) https://www.debian.org/security/2018/dsa-4222 Debian Security Information: DSA-4223 (Google Search) https://www.debian.org/security/2018/dsa-4223 Debian Security Information: DSA-4224 (Google Search) https://www.debian.org/security/2018/dsa-4224 http://seclists.org/fulldisclosure/2019/Apr/38 http://openwall.com/lists/oss-security/2018/06/08/2 http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html https://dev.gnupg.org/T4012 https://github.com/RUB-NDS/Johnny-You-Are-Fired https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html https://lists.debian.org/debian-lts-announce/2021/12/msg00027.html http://www.openwall.com/lists/oss-security/2019/04/30/4 RedHat Security Advisories: RHSA-2018:2180 https://access.redhat.com/errata/RHSA-2018:2180 RedHat Security Advisories: RHSA-2018:2181 https://access.redhat.com/errata/RHSA-2018:2181 http://www.securitytracker.com/id/1041051 https://usn.ubuntu.com/3675-1/ https://usn.ubuntu.com/3675-2/ https://usn.ubuntu.com/3675-3/ https://usn.ubuntu.com/3964-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-6690 BugTraq ID: 106756 http://www.securityfocus.com/bid/106756 Bugtraq: 20190125 CVE-2019-6690: Improper Input Validation in python-gnupg (Google Search) https://seclists.org/bugtraq/2019/Jan/41 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6KYZMN2PWXY4ENZVJUVTGFBVYEVY7II/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4VFRUG56542LTYK4444TPJBGR57MT25/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WMV6XNPPL3VB3RQRFFOBCJ3AGWC4K47/ http://packetstormsecurity.com/files/151341/Python-GnuPG-0.4.3-Improper-Input-Validation.html https://blog.hackeriet.no/cve-2019-6690-python-gnupg-vulnerability/ https://pypi.org/project/python-gnupg/#history https://lists.debian.org/debian-lts-announce/2019/02/msg00021.html SuSE Security Announcement: SU-2019:0143-1 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00008.html SuSE Security Announcement: SUSE-SU-2019:0239-1 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00058.html
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.