24 matches found
USN-7412-3: GnuPG vulnerability
USN-7412-1 fixed a vulnerability in GnuPG. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that GnuPG incorrectly handled importing keys with certain crafted subkey data. If a user or automated system were trick...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: gnupg2 (UTSA-2025-991068)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991068 advisory. In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the...
Unity Linux 20.1070e Security Update: gnupg2 (UTSA-2025-991107)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991107 advisory. In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the...
EulerOS Virtualization 2.13.1 : gnupg2 (EulerOS-SA-2025-2162)
According to the versions of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that...
EulerOS 2.0 SP10 : gnupg2 (EulerOS-SA-2025-2067)
According to the versions of the gnupg2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect...
EulerOS 2.0 SP10 : gnupg2 (EulerOS-SA-2025-2095)
According to the versions of the gnupg2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect...
Linux Distros Unpatched Vulnerability : CVE-2025-30258
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags,...
EulerOS 2.0 SP11 : gnupg2 (EulerOS-SA-2025-1952)
According to the versions of the gnupg2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect...
EulerOS 2.0 SP11 : gnupg2 (EulerOS-SA-2025-1926)
According to the versions of the gnupg2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect...
EulerOS 2.0 SP13 : gnupg2 (EulerOS-SA-2025-1989)
According to the versions of the gnupg2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect...
EulerOS 2.0 SP13 : gnupg2 (EulerOS-SA-2025-1975)
According to the versions of the gnupg2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect...
Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2025-1989)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Low: gnupg2
Issue Overview: In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."...
USN-7412-2 gnupg2 regression
USN-7412-1 fixed vulnerabilities in GnuPG. The update introduced a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that GnuPG incorrectly handled importing keys with certain crafted subkey data. If a user or automated...
OESA-2025-1521 gnupg2 security update
GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 also known as PGP. GnuPG enables encryption and signing of data and communication, and features a versatile key management system as well as access modules for public key directories. Security Fixes: In GnuP...
Updated gnupg2 packages fix security vulnerability
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS". CVE-2025-30258...
OESA-2025-1375 gnupg2 security update
GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 also known as PGP. GnuPG enables encryption and signing of data and communication, and features a versatile key management system as well as access modules for public key directories. Security Fixes: In GnuP...
USN-7412-1 gnupg2 vulnerability
It was discovered that GnuPG incorrectly handled importing keys with certain crafted subkey data. If a user or automated system were tricked into importing a specially crafted key, a remote attacker may prevent users from importing other keys in the future...
AZL-58932 CVE-2025-30258 affecting package gnupg2 2.4.0-3
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."...
CVE-2025-30258
In GNUPG before 2.5.5, importing a certificate with crafted subkey data that lacks a valid backsig or has incorrect usage flags can cause a verification DoS, disabling signature verification for certain other signing keys. This CVE affects GnuPG’s subkey import handling; impact is limited to sign...