Security update for python-python-gnupg SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:0239-1 Final 1 1 2019-02-23T15:47:12Z current 2019-02-23T15:47:12Z 2019-02-23T15:47:12Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python-python-gnupg This update for python-python-gnupg to version 0.4.4 fixes the following issues: Security issue fixed: - CVE-2019-6690: Added a check to disallow certain control characters ('\r', '\n', NUL) in passphrases (boo#1123498). This update was imported from the openSUSE:Leap:15.0:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-239 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QAXWGDTCYULVU3YE6PBYHKHJXXNNNWTF/#QAXWGDTCYULVU3YE6PBYHKHJXXNNNWTF E-Mail link for openSUSE-SU-2019:0239-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1123498 SUSE Bug 1123498 https://www.suse.com/security/cve/CVE-2019-6690/ SUSE CVE CVE-2019-6690 page SUSE Package Hub 15 python2-python-gnupg-0.4.4-bp150.2.3.1 python3-python-gnupg-0.4.4-bp150.2.3.1 python2-python-gnupg-0.4.4-bp150.2.3.1 as a component of SUSE Package Hub 15 python3-python-gnupg-0.4.4-bp150.2.3.1 as a component of SUSE Package Hub 15 python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component. CVE-2019-6690 SUSE Package Hub 15:python2-python-gnupg-0.4.4-bp150.2.3.1 SUSE Package Hub 15:python3-python-gnupg-0.4.4-bp150.2.3.1 important 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QAXWGDTCYULVU3YE6PBYHKHJXXNNNWTF/#QAXWGDTCYULVU3YE6PBYHKHJXXNNNWTF https://www.suse.com/security/cve/CVE-2019-6690.html CVE-2019-6690 https://bugzilla.suse.com/1123498 SUSE Bug 1123498