USN-3675-2: GnuPG 2 vulnerability
15 June 2018
GnuPG 2 could be made to present validity information incorrectly.
- gnupg2 - GNU privacy guard - a free PGP replacement
USN-3675-1 fixed a vulnerability in GnuPG 2 for Ubuntu 18.04 LTS and
Ubuntu 17.10. This update provides the corresponding update for GnuPG 2
in Ubuntu 16.04 LTS and Ubuntu 14.04 LTS.
Original advisory details:
Marcus Brinkmann discovered that during decryption or verification,
GnuPG did not properly filter out terminal sequences when reporting the
original filename. An attacker could use this to specially craft a file
that would cause an application parsing GnuPG output to incorrectly
interpret the status of the cryptographic operation reported by GnuPG.