[Announce] [security fix] GnuPG 2.2.8 released (CVE-2018-12020)

Mon Jun 11 11:07:37 CEST 2018

I did NOT encrypt the Message, just signed it with my PGP-Key - This
message is now without sign or encrypt

Am 2018-06-10 um 22:50 schrieb Jean-David Beyer:
> On 06/10/2018 01:25 PM, Juergen Bruckner wrote:
>> Hello Werner,
>>
>> i Use Linux Mint 18.3 with GnuPG 2.1.11; which is the easiest way to
>> Update it to 2.2.8?
>>
>>
>> I'm pretty new to the Linux-World, but as far i know i have NOT included
>> a "own" GnuPG Repo in my Repo-List.
>>
>> best regards
>> Juergen
>>
>> Am 2018-06-08 um 15:40 schrieb Werner Koch:
>>> Hello!
>>>
>>> We are pleased to announce the availability of a new GnuPG release:
>>> version 2.2.8.  This version fixes a critical security bug and comes
>>> with some other minor changes.
>>>
>>>
>>> Impact
>>> ======
>>>
>>> All current GnuPG versions are affected on all platforms.
>>>
>>> All mail clients and other applications which make use of GPG but are
>>> not utilizing the GPGME library might be affected.
>>>
>>> The OpenPGP protocol allows to include the file name of the original
>>> input file into a signed or encrypted message.  During decryption and
>>> verification the GPG tool can display a notice with that file name.  The
>>> displayed file name is not sanitized and as such may include line feeds
>>> or other control characters.  This can be used inject terminal control
>>> sequences into the out and, worse, to fake the so-called status
>>> messages.  These status messages are parsed by programs to get
>>> information from gpg about the validity of a signature and an other
>>> parameters.  Status messages are created with the option "--status-fd N"
>>> where N is a file descriptor.  Now if N is 2 the status messages and the
>>> regular diagnostic messages share the stderr output channel.  By using a
>>> made up file name in the message it is possible to fake status messages.
>>> Using this technique it is for example possible to fake the verification
>>> status of a signed mail.
>>>
>>> Although GnuPG takes great care to sanitize all diagnostic and status
>>> output, the case at hand was missed but finally found and reported by
>>> Marcus Brinkmann.  CVE-2018-12020 was assigned to this bug; GnuPG tracks
>>> it at <https://dev/gnupg.org/T4012>.
>>>
>>>
>>> Solution
>>> ========
>>>
>>> If your application uses GPGME your application is safe.  Fortunately
>>> most modern mail readers use GPGME, including GpgOL and KMail.  Mutt
>>> users should make sure to use "set crypt_use_gpgme".
>>>
>>> If you are parsing GnuPG status output and you use a dedicated file
>>> descriptor with --status-fd you are safe.  A dedicated file descriptor
>>> is one that is not shared with the log output.  The log output defaults
>>> to stderr (2) but may be a different if the option --logger-fd is used.
>>>
>>> If you are not using --verbose you are safe.  But take care: --verbose
>>> might be specified in the config file.  As a short term mitigation or if
>>> you can't immediately upgrade to the latest versions, you can add
>>> --no-verbose to the invocation of gpg.
>>>
>>> Another short term mitigation is to redirect the log output to a
>>> different file: For example "--log-file /dev/null".
>>>
>>> The suggested solution is to update to GnuPG 2.2.8 or a vendor provided
>>> update of their GnuPG version.
>>>
>>> To check whether the bug has been fixed you may use the simple test at
>>> the end of this mail [1].
>>>
>>>
>>> About GnuPG
>>> ===========
>>>
>>> The GNU Privacy Guard (GnuPG) is a complete and free implementation
>>> of the OpenPGP standard which is commonly abbreviated as PGP.
>>>
>>> GnuPG allows to encrypt and sign data and communication, features a
>>> versatile key management system as well as access modules for public key
>>> directories.  GnuPG itself is a command line tool with features for easy
>>> integration with other applications.  A wealth of frontend applications
>>> and libraries making use of GnuPG are available.  As an Universal Crypto
>>> Engine GnuPG provides support for S/MIME and Secure Shell in addition to
>>> OpenPGP.
>>>
>>> GnuPG is Free Software (meaning that it respects your freedom).  It can
>>> be freely used, modified and distributed under the terms of the GNU
>>> General Public License.
>>>
>>>
>>> Noteworthy changes in version 2.2.8
>>> ===================================
>>>
>>>   * gpg: Decryption of messages not using the MDC mode will now lead
>>>     to a hard failure even if a legacy cipher algorithm was used.  The
>>>     option --ignore-mdc-error can be used to turn this failure into a
>>>     warning.  Take care: Never use that option unconditionally or
>>>     without a prior warning.
>>>
>>>   * gpg: The MDC encryption mode is now always used regardless of the
>>>     cipher algorithm or any preferences.  For testing --rfc2440 can be
>>>     used to create a message without an MDC.
>>>
>>>   * gpg: Sanitize the diagnostic output of the original file name in
>>>     verbose mode.  [#4012,CVE-2018-12020]
>>>
>>>   * gpg: Detect suspicious multiple plaintext packets in a more
>>>     reliable way.  [#4000]
>>>
>>>   * gpg: Fix the duplicate key signature detection code.  [#3994]
>>>
>>>   * gpg: The options --no-mdc-warn, --force-mdc, --no-force-mdc,
>>>     --disable-mdc and --no-disable-mdc have no more effect.
>>>
>>>   * agent: Add DBUS_SESSION_BUS_ADDRESS and a few other envvars to the
>>>     list of startup environment variables.  [#3947]
>>>
>>>
>>> Getting the Software
>>> ====================
>>>
>>> Please follow the instructions found at <https://gnupg.org/download/> or
>>> read on:
>>>
>>> GnuPG 2.2.8 may be downloaded from one of the GnuPG mirror sites or
>>> direct from its primary FTP server.  The list of mirrors can be found at
>>> <https://gnupg.org/download/mirrors.html>.  Note that GnuPG is not
>>> available at ftp.gnu.org.
>>>
>>> The GnuPG source code compressed using BZIP2 and its OpenPGP signature
>>> are available here:
>>>
>>>  https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.8.tar.bz2 (6477k)
>>>  https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.8.tar.bz2.sig
>>>
>>> An installer for Windows without any graphical frontend except for a
>>> very minimal Pinentry tool is available here:
>>>
>>>  https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.2.8_20180608.exe (3916k)
>>>  https://gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.2.8_20180608.exe.sig
>>>
>>> The source used to build the Windows installer can be found in the same
>>> directory with a ".tar.xz" suffix.  A new Gpg4win installer featuring
>>> this version of GnuPG will be available soon.
>>>
>>>
>>> Checking the Integrity
>>> ======================
>>>
>>> In order to check that the version of GnuPG which you are going to
>>> install is an original and unmodified one, you can do it in one of
>>> the following ways:
>>>
>>>  * If you already have a version of GnuPG installed, you can simply
>>>    verify the supplied signature.  For example to verify the signature
>>>    of the file gnupg-2.2.8.tar.bz2 you would use this command:
>>>
>>>      gpg --verify gnupg-2.2.8.tar.bz2.sig gnupg-2.2.8.tar.bz2
>>>
>>>    This checks whether the signature file matches the source file.
>>>    You should see a message indicating that the signature is good and
>>>    made by one or more of the release signing keys.  Make sure that
>>>    this is a valid key, either by matching the shown fingerprint
>>>    against a trustworthy list of valid release signing keys or by
>>>    checking that the key has been signed by trustworthy other keys.
>>>    See the end of this mail for information on the signing keys.
>>>
>>>  * If you are not able to use an existing version of GnuPG, you have
>>>    to verify the SHA-1 checksum.  On Unix systems the command to do
>>>    this is either "sha1sum" or "shasum".  Assuming you downloaded the
>>>    file gnupg-2.2.8.tar.bz2, you run the command like this:
>>>
>>>      sha1sum gnupg-2.2.8.tar.bz2
>>>
>>>    and check that the output matches the next line:
>>>
>>> d87553a125832ea90e8aeb3ceeecf24f88de56fb  gnupg-2.2.8.tar.bz2
>>> 3126ec2b7005063cbff95792208796dfa42c2a22  gnupg-w32-2.2.8_20180608.tar.xz
>>> 231b29631647328934a35f8c6baa483e7594e26a  gnupg-w32-2.2.8_20180608.exe
>>>
>>>
>>> Internationalization
>>> ====================
>>>
>>> This version of GnuPG has support for 26 languages with Chinese, Czech,
>>> French, German, Japanese, Norwegian, Russian, and Ukrainian being almost
>>> completely translated.
>>>
>>>
>>> Documentation and Support
>>> =========================
>>>
>>> If you used GnuPG in the past you should read the description of
>>> changes and new features at doc/whats-new-in-2.1.txt or online at
>>>
>>>   https://gnupg.org/faq/whats-new-in-2.1.html
>>>
>>> The file gnupg.info has the complete reference manual of the system.
>>> Separate man pages are included as well but they miss some of the
>>> details availabale only in thee manual.  The manual is also available
>>> online at
>>>
>>>   https://gnupg.org/documentation/manuals/gnupg/
>>>
>>> or can be downloaded as PDF at
>>>
>>>   https://gnupg.org/documentation/manuals/gnupg.pdf .
>>>
>>> The chapters on gpg-agent, gpg and gpgsm include information on how to
>>> set up the whole thing.  You may also want to search the GnuPG mailing
>>> list archives or ask on the gnupg-users mailing list for advise on how
>>> to solve problems.  Most of the new features are around for several
>>> years and thus enough public experience is available.
>>>
>>> Please consult the archive of the gnupg-users mailing list before
>>> reporting a bug: <https://gnupg.org/documentation/mailing-lists.html>.
>>> We suggest to send bug reports for a new release to this list in favor
>>> of filing a bug at <https://bugs.gnupg.org>.  If you need commercial
>>> support check out <https://gnupg.org/service.html>.
>>>
>>> If you are a developer and you need a certain feature for your project,
>>> please do not hesitate to bring it to the gnupg-devel mailing list for
>>> discussion.
>>>
>>>
>>> Thanks
>>> ======
>>>
>>> Maintenance and development of GnuPG is mostly financed by donations.
>>> The GnuPG project currently employs one full-time developer and one
>>> contractor.  Both work exclusively on GnuPG and closely related software
>>> like Libgcrypt, GPGME, and GPA.  We are planning to extend our team
>>> again and to help developers to improve integration of crypto in their
>>> applications.
>>>
>>> We have to thank all the people who helped the GnuPG project, be it
>>> testing, coding, translating, suggesting, auditing, administering the
>>> servers, spreading the word, and answering questions on the mailing
>>> lists.
>>>
>>> Many thanks to our numerous financial supporters, both corporate and
>>> individuals.  Without you it would not be possible to keep GnuPG in a
>>> good shape and address all the small and larger requests made by our
>>> users.  Thanks.
>>>
>>>
>>> Happy hacking,
>>>
>>>    Your GnuPG hackers
>>>
>>>
>>>
>>> p.s.
>>> This is an announcement only mailing list.  Please send replies only to
>>> the gnupg-users'at'gnupg.org mailing list.
>>>
>>> p.p.s
>>> List of Release Signing Keys:
>>>
>>> To guarantee that a downloaded GnuPG version has not been tampered by
>>> malicious entities we provide signature files for all tarballs and
>>> binary versions.  The keys are also signed by the long term keys of
>>> their respective owners.  Current releases are signed by one or more
>>> of these four keys:
>>>
>>>   rsa2048 2011-01-12 [expires: 2019-12-31]
>>>   Key fingerprint = D869 2123 C406 5DEA 5E0F  3AB5 249B 39D2 4F25 E3B6
>>>   Werner Koch (dist sig)
>>>
>>>   rsa2048 2014-10-29 [expires: 2019-12-31]
>>>   Key fingerprint = 46CC 7308 65BB 5C78 EBAB  ADCF 0437 6F3E E085 6959
>>>   David Shaw (GnuPG Release Signing Key) <dshaw 'at' jabberwocky.com>
>>>
>>>   rsa2048 2014-10-29 [expires: 2020-10-30]
>>>   Key fingerprint = 031E C253 6E58 0D8E A286  A9F2 2071 B08A 33BD 3F06
>>>   NIIBE Yutaka (GnuPG Release Key) <gniibe 'at' fsij.org>
>>>
>>>   rsa3072 2017-03-17 [expires: 2027-03-15]
>>>   Key fingerprint = 5B80 C575 4298 F0CB 55D8  ED6A BCEF 7E29 4B09 2E28
>>>   Andre Heinecke (Release Signing Key)
>>>
>>> The keys are available at <https://gnupg.org/signature_key.html> and
>>> in any recently released GnuPG tarball in the file g10/distsigkey.gpg .
>>> Note that this mail has been signed by a different key.
>>> ===========
>>>
>>> [1] If you want to test whether you are affected by this bug, remove the
>>> indentation from the following block
>>>
>>>   -----BEGIN PGP MESSAGE-----
>>>   
>>>   jA0EBwMC1pW2pqoYvbXl0p4Bo5z/v7PXy7T1BY/KQxWaE9uTBRbf4no64/+5YYzX
>>>   +BVNqP+82aBFYXEsD9x1vGuYwofQ4m/q/WcQDEPXhRyzU+4yiT3EOuG7sTTaQR3b
>>>   8xAn2Qtpyq5tO7k9CN6dasaXKSduXVmFUqzgU+W9WaTLOKNDFw6FYV3lnOoPtFcX
>>>   rzhh2opkX9Oh/5DUkZ6YmUIX3j/A0z+59/qNO1i2hQ==
>>>   =zswl
>>>   -----END PGP MESSAGE-----
>>>
>>> and pass to this pipeline
>>>
>>>   gpg --no-options -vd 2>&1 | grep '^\[GNUPG:] INJECTED'  
>>>
>>> If you get some output you are using a non-fixed version.
>>>
>>>
>>>
>>> _______________________________________________
>>> Gnupg-announce mailing list
>>> Gnupg-announce at gnupg.org
>>> http://lists.gnupg.org/mailman/listinfo/gnupg-announce
>>>
>>>
>>>
>>> _______________________________________________
>>> Gnupg-users mailing list
>>> Gnupg-users at gnupg.org
>>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>>>
>>
>>
>>
>> _______________________________________________
>> Gnupg-users mailing list
>> Gnupg-users at gnupg.org
>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>>
> It says part of your message to me was encrypted and prompted me for my
> passphrase, but it must not have been encrypted with my public key.
> 

-- 
Juergen M. Bruckner
juergen at bruckner.tk