CVE-2018-12020
Publication date 8 June 2018
Last updated 24 July 2024
Ubuntu priority
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.
From the Ubuntu Security Team
Marcus Brinkmann discovered that GnuPG before 2.2.8 improperly handled certain command line parameters. A remote attacker could use this to spoof the output of GnuPG and cause unsigned e-mail to appear signed.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| enigmail | 25.04 plucky | Not in release |
| 24.10 oracular | Not in release | |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy |
Vulnerable
|
|
| 20.04 LTS focal |
Vulnerable
|
|
| 18.04 LTS bionic |
Vulnerable
|
|
| 16.04 LTS xenial |
Vulnerable
|
|
| 14.04 LTS trusty | Not in release | |
| gnupg | 25.04 plucky | Not in release |
| 24.10 oracular | Not in release | |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial |
Fixed 1.4.20-1ubuntu3.2
|
|
| 14.04 LTS trusty |
Fixed 1.4.16-1ubuntu2.5
|
|
| gnupg1 | 25.04 plucky |
Not affected
|
| 24.10 oracular |
Not affected
|
|
| 24.04 LTS noble |
Not affected
|
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Vulnerable
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| gnupg2 | 25.04 plucky |
Fixed 2.2.8-1ubuntu1
|
| 24.10 oracular |
Fixed 2.2.8-1ubuntu1
|
|
| 24.04 LTS noble |
Fixed 2.2.8-1ubuntu1
|
|
| 22.04 LTS jammy |
Fixed 2.2.8-1ubuntu1
|
|
| 20.04 LTS focal |
Fixed 2.2.8-1ubuntu1
|
|
| 18.04 LTS bionic |
Fixed 2.2.4-1ubuntu1.1
|
|
| 16.04 LTS xenial |
Fixed 2.1.11-6ubuntu2.1
|
|
| 14.04 LTS trusty |
Fixed 2.0.22-3ubuntu1.4
|
|
| python-gnupg | 25.04 plucky |
Not affected
|
| 24.10 oracular |
Not affected
|
|
| 24.04 LTS noble |
Not affected
|
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Fixed 0.4.1-1ubuntu1.18.04.1
|
|
| 16.04 LTS xenial |
Fixed 0.3.8-2ubuntu0.1~esm1
|
|
| 14.04 LTS trusty |
Fixed 0.3.6-1ubuntu0.1~esm1
|
Get expanded security coverage with Ubuntu Pro
Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.
Get Ubuntu ProSeverity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.5 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | High |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
References
Related Ubuntu Security Notices (USN)
- USN-3675-3
- GnuPG vulnerability
- 18 June 2018
- USN-3675-2
- GnuPG 2 vulnerability
- 15 June 2018
- USN-3675-1
- GnuPG vulnerabilities
- 11 June 2018
- USN-3964-1
- python-gnupg vulnerabilities
- 2 May 2019
- USN-4839-1
- python-gnupg vulnerabilities
- 15 March 2021
Other references
- https://dev.gnupg.org/T4012
- https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html
- https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=210e402acd3e284b32db1901e43bf1470e659e49 (STABLE-BRANCH-2-2)
- https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2326851c60793653069494379b16d84e4c10a0ac (STABLE-BRANCH-1-4)
- https://sourceforge.net/p/enigmail/forum/announce/thread/b948279f/
- https://neopg.io/blog/gpg-signature-spoof/
- https://www.cve.org/CVERecord?id=CVE-2018-12020