Bug 1563930 (CVE-2018-9234) - CVE-2018-9234 GnuPG: Unenforced configuration allows for apparently valid certifications actually signed by signing subkeys
Summary: CVE-2018-9234 GnuPG: Unenforced configuration allows for apparently valid cer...
Alias: CVE-2018-9234
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1563931 1563932 1563933 1563934 1564367 1564368
Blocks: 1563936
TreeView+ depends on / blocked
Reported: 2018-04-05 05:19 UTC by Sam Fowler
Modified: 2020-12-17 10:36 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2019-07-31 06:58:14 UTC

Attachments (Terms of Use)

Description Sam Fowler 2018-04-05 05:19:32 UTC
GnuPG through version 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.

Upstream Issue:


Upstream Patch:


Comment 1 Sam Fowler 2018-04-05 05:19:55 UTC
Created gnupg2 tracking bugs for this issue:

Affects: fedora-all [bug 1563931]

Created gnupg tracking bugs for this issue:

Affects: fedora-all [bug 1563932]

Comment 3 Huzaifa S. Sidhpurwala 2018-04-06 04:03:20 UTC

Normally master keys are more protected than signing or encryption subkeys. Since master key can actually be used to prove someone's identity. Subkeys on other hand can you used to sign/verify and encrypt/decrypt messages in place of the master keys. However the procedure of signing someones keys requires the master key. The flaw allows the signing subkey to sign someones keys, without the use of the master key, when smartcards are used. This seems to be only a minor security bypass, since technically subkeys also need to have some form of security around them.

Note You need to log in before you can comment on or make changes to this bug.