16 matches found
CLSA-2026-1776159098 Fix CVE(s): CVE-2025-30258
SECURITY UPDATE: signature verification DoS via malicious subkey - debian/patches/CVE-2025-30258.patch: require signing usage when looking up public key for signature verification, filtering out subkeys without valid backsig. Include upstream regression fixes to preserve verification of signature...
CLSA-2026-1774612633 gnupg2: Fix of CVE-2025-30258
CVE-2025-30258: fix verification DoS due to a malicious subkey in the keyring...
Security update for gpg2
This update for gpg2 fixes the following issues: CVE-2025-30258: fixed a verification denial of service due to a malicious subkey in the keyring bsc1239119 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
SUSE-SU-2025:3986-1 Security update for gpg2
This update for gpg2 fixes the following issues: - CVE-2025-30258: fixed a verification denial of service due to a malicious subkey in the keyring bsc1239119...
SUSE-SU-2025:02259-1 Recommended update for gpg2
This update for gpg2 fixes the following issues: - CVE-2025-30258: Fixed DoS due to a malicious subkey in the keyring bsc1239119. Other bugfixes: - Do not install expired sks certificate bsc1243069. - gpg hangs when importing a key bsc1236931...
SUSE-SU-2025:20472-1 Security update for gpg2
This update for gpg2 fixes the following issues: - CVE-2025-30258: Fix a verification DoS due to a malicious subkey in the keyring: bsc1239119, bsc1236931 gpg: Fix regression for the recent malicious subkey DoS fix. gpg: Fix another regression due to the T7547 fix. gpg: Allow the use of an ADSK...
Security update for gpg2
This update for gpg2 fixes the following issues: CVE-2025-30258: Fix a verification DoS due to a malicious subkey in the keyring: bsc1239119, bsc1236931 gpg: Fix regression for the recent malicious subkey DoS fix. gpg: Fix another regression due to the T7547 fix. gpg: Allow the use of an ADSK...
SUSE-SU-2025:20454-1 Security update for gpg2
This update for gpg2 fixes the following issues: Fix regression for the recent malicious subkey DoS fix in CVE-2025-30258. bsc1236931, bsc1239119, CVE-2025-30258...
Security update for gpg2
This update for gpg2 fixes the following issues: CVE-2025-30258: Fixed a verification DoS due to a malicious subkey in the keyring. bsc1239119 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you...
SUSE-SU-2025:20444-1 Security update for gpg2
This update for gpg2 fixes the following issues: - CVE-2025-30258: Fixed a verification DoS due to a malicious subkey in the keyring. bsc1239119...
SUSE-SU-2025:20209-1 Security update for gpg2
This update for gpg2 fixes the following issues: - CVE-2025-30258: Fixed DoS due to a malicious subkey in the keyring bsc1239119...
Security update for gpg2
This update for gpg2 fixes the following issues: CVE-2025-30258: Fixed DoS due to a malicious subkey in the keyring bsc1239119 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...
SUSE CVE-2021-3521
There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to...
AZL-10637 CVE-2021-3521 affecting package rpm for versions less than 4.18.0-1
There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to...
rpm: RPM does not require subkeys to have a valid binding signature
There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature."1 RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey t...
rpm: RPM does not require subkeys to have a valid binding signature
There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature."1 RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey t...