27 matches found
CVE-2026-39395
Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures,...
SUSE SLES12 Security Update : gpg2 (SUSE-SU-2026:0378-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:0378-1 advisory. - CVE-2025-68973: Fixed possile memory corruption in the armor parser T7906 bsc1255715 - Fixed GnuPG Accepting Path Separators and Path Traversals in...
SUSE-SU-2026:0378-1 Security update for gpg2
This update for gpg2 fixes the following issues: - CVE-2025-68973: Fixed possile memory corruption in the armor parser T7906 bsc1255715 - Fixed GnuPG Accepting Path Separators and Path Traversals in Literal Data bsc1256389 - Fixed Cleartext Signature Forgery in the NotDashEscaped header...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gpg2 (SUSE-SU-2026:0215-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0215-1 advisory. - CVE-2025-68973: Fix possible memory corruption in the armor parser gpg.fail/memcpybsc1255715. - Avoid...
Security update for gpg2
This update for gpg2 fixes the following issues: CVE-2025-68973: Fix possible memory corruption in the armor parser gpg.fail/memcpybsc1255715. Avoid potential downgrade to SHA1 in 3rd party key signatures gpg.fail/sha1 bsc1256246. Error out on unverified output for non-detached signatures...
SUSE-SU-2026:0215-1 Security update for gpg2
This update for gpg2 fixes the following issues: - CVE-2025-68973: Fix possible memory corruption in the armor parser gpg.fail/memcpybsc1255715. - Avoid potential downgrade to SHA1 in 3rd party key signatures gpg.fail/sha1 bsc1256246. - Error out on unverified output for non-detached signatures...
Security update for gpg2
This update for gpg2 fixes the following issues: CVE-2025-68973: Fix possible memory corruption in the armor parser gpg.fail/memcpybsc1255715. Avoid potential downgrade to SHA1 in 3rd party key signatures gpg.fail/sha1 bsc1256246. Error out on unverified output for non-detached signatures...
SUSE-SU-2026:0214-1 Security update for gpg2
This update for gpg2 fixes the following issues: - CVE-2025-68973: Fix possible memory corruption in the armor parser gpg.fail/memcpybsc1255715. - Avoid potential downgrade to SHA1 in 3rd party key signatures gpg.fail/sha1 bsc1256246. - Error out on unverified output for non-detached signatures...
openSUSE 16 Security Update : gpg2 (openSUSE-SU-2026:20029-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20029-1 advisory. - CVE-2025-68973: out-of-bounds write when processing specially crafted input in the armor parser can lead to memory corruption bsc1255715. Other securi...
Security update for gpg2 (important)
openSUSE security update: security update for gpg2 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20029-1 Rating: important References: bsc1255715 bsc1256244 bsc1256246 bsc1256390 Cross-References: CVE-2025-68973 CVSS scores: CVE-2025-68973 SUSE : ...
[SECURITY] [DLA 4437-1] gnupg2 security update
Debian LTS Advisory DLA-4437-1 [email protected] https://www.debian.org/lts/security/ Roberto C. Sánchez January 14, 2026 https://wiki.debian.org/LTS Package : gnupg2 Version : 2.2.27-2+deb11u3 CVE ID : CVE-2025-68973 Debian Bug : 1124221 Several issues have been discovered in gnupg2, a...
OPENSUSE-SU-2026:20029-1 Security update for gpg2
This update for gpg2 fixes the following issues: - CVE-2025-68973: out-of-bounds write when processing specially crafted input in the armor parser can lead to memory corruption bsc1255715. Other security fixes: - gpg: Avoid potential downgrade to SHA1 in 3rd party key signatures bsc1256246. - gpg...
EUVD-2006-0057
Malware in sbrugna...
SUSE CVE-2006-0049
gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different...
MGASA-2021-0180 Updated tor packages fix security vulnerabilities
The dumpdesc function that we used to dump unparseable information to disk, was called incorrectly in several places, in a way that could lead to excessive CPU usage CVE-2021-28089. A bug in appending detached signatures to a pending consensus document could be used to crash a directory authority...
Updated tor packages fix security vulnerabilities
The dumpdesc function that we used to dump unparseable information to disk, was called incorrectly in several places, in a way that could lead to excessive CPU usage CVE-2021-28089. A bug in appending detached signatures to a pending consensus document could be used to crash a directory authority...
Mandrake Linux Security Advisory : gnupg (MDKSA-2000:087)
When importing keys from public key servers, GnuPG will import private keys also known as secret keys in addition to public keys. If this happens, the user's web of trust becomes corrupt. Additionally, when used to check detached signatures, if the data file being checked contains clearsigned dat...
Debian Security Advisory DSA 010-1 (gnupg)
The remote host is missing an update to gnupg announced via advisory DSA 010-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD : gnupg -- false positive signature verification (63fe4189-9f97-11da-ac32-0001020eed82)
Werner Koch reports : The Gentoo project identified a security related bug in GnuPG. When using any current version of GnuPG for unattended signature verification e.g. by scripts and mail programs, false positive signature verification of detached signatures may occur. This problem affects the to...
CVE-2006-0049
gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different...