CVE-2026-57062

CMS Cryptographic Message Syntax parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182...

Astra Linux – Vulnerability in gnupg2

GnuPG versions up to 2.3.6 allow for signature forgery in unusual situations where an attacker possesses secret-key information from a victim’s keyring, and other constraints such as the use of GPGME are met. This can be achieved by injecting malicious data into the command line’s status line...

Updated gnupg2 packages fix security vulnerabilities

CVE-2025-68973, armorfilter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. CVE-2026-24882, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC key...

JLSEC-2026-564 In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized...

In GnuPG before 2.5.17, a crafted CMS S/MIME EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that...

Security Bulletin: Vulnerabilities exists in IBM Cloud Pak for Data System (CPDS 1.0) - Cyclops.

Summary Vulnerabilities exists in IBM Cloud Pak for Data System CPDS 1.0 - Cyclops addressed in 11.3.1.1. Vulnerability Details CVEID:CVE-2022-3219 DESCRIPTION: GnuPG can be made to spin on a relatively small input by for example crafting a public key with thousands of signatures attached,...

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-11.0.1.1)

The version of AHV installed on the remote host is prior to AHV-11.0.1.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-11.0.1.1 advisory. - LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics...

Security Bulletin: Muliple security vulnerabilities found in IBM CICS TX Standard.

Summary Multiple security vulnerabilities found in IBM CICS TX Standard. An update to IBM CICS TX Standard has been released to address multiple vulnerabilities in brotli, gnutls, libssh, openssl, curl, binutils, gnupg2, glib2 packages. Vulnerability Details CVEID:CVE-2025-9230 DESCRIPTION: Issue...

Fedora: Security Advisory (FEDORA-2026-936a74ccc0)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2026-8f1d7b6821)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 42 Update: rust-sequoia-chameleon-gnupg-0.13.1-11.fc42

Sequoia's reimplementation of the GnuPG interface...

[SECURITY] Fedora 44 Update: rust-sequoia-chameleon-gnupg-0.13.1-11.fc44

Sequoia's reimplementation of the GnuPG interface...

Fedora 44 : rust-pty-process / rust-sequoia-chameleon-gnupg (2026-29e1155702)

The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-29e1155702 advisory. Rebuild rust-sequoia-chameleon-gnupg with rust-tar 0.4.45 for CVE-2026-33056. Update rust-pty-process to 0.5.3, and adjust the dev-dependency in...

Fedora 42 : rust-pty-process / rust-sequoia-chameleon-gnupg (2026-8f1d7b6821)

The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-8f1d7b6821 advisory. Rebuild rust-sequoia-chameleon-gnupg with rust-tar 0.4.45 for CVE-2026-33056. Update rust-pty-process to 0.5.3, and adjust the dev-dependency in...

Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2026-1554)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

How to Manually Update GPG key on Veeam Hardened Repository Appliance

Article Applicability This article is specifically regarding the Veeam Hardened Repository ISO v2 appliance, which was distributed alongside Veeam Backup & Replication 12. For information about manually updating the GPG key on the appliances associated with Veeam Backup & Replication 13, review...

Huawei EulerOS: Security Advisory for gnupg2 (EulerOS-SA-2026-1238)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP13 : gnupg2 (EulerOS-SA-2026-1238)

According to the versions of the gnupg2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In GnuPG before 2.4.9, armorfilter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: gnupg2 (UTSA-2026-005933)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005933 advisory. In GnuPG before 2.4.9, armorfilter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input...

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-10.0.1.8)

The version of AHV installed on the remote host is prior to AHV-10.0.1.8. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-10.0.1.8 advisory. - In GnuPG before 2.4.9, armorfilter in g10/armor.c has two increments of an index variable where one is intended,...

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-10.3.1.4)

The version of AHV installed on the remote host is prior to AHV-10.3.1.4. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-10.3.1.4 advisory. - In GnuPG before 2.4.9, armorfilter in g10/armor.c has two increments of an index variable where one is intended,...