EulerOS Virtualization 2.5.0 : gnupg2 (EulerOS-SA-2018-1333)
Medium Nessus Plugin ID 118421
SynopsisThe remote EulerOS Virtualization host is missing a security update.
DescriptionAccording to the version of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :
- A data validation flaw was found in the way gnupg processes file names during decryption and signature validation. An attacker may be able to inject messages into gnupg verbose message logging which may have the potential to bypass the integrity of signature authentication mechanisms and could have other unintended consequences if applications take action(s) based on parsed verbose gnupg output. (CVE-2018-12020)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected gnupg2 package.