[SECURITY] Fedora 43 Update: rust-sequoia-sqv-1.3.0-6.fc43

A simple OpenPGP signature verification program...

[SECURITY] Fedora 42 Update: rust-sequoia-sqv-1.3.0-6.fc42

A simple OpenPGP signature verification program...

Astra Linux - уязвимость в thunderbird

When requesting an OpenPGP key from a WKD server, an incorrect padding size was used, which could allow a network observer to determine the length of the requested email address. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8...

bouncycastle: BC-JAVA: unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcpg. A specially crafted PGP AEAD Authenticated Encryption with Associated Data message with an unbounded chunk size can lead to an excessive consumption of memory. This issue allows an unauthenticated remote attacker to cause memory...

[SECURITY] Fedora 44 Update: rust-sequoia-openpgp-2.3.0-1.fc44

OpenPGP data types and associated machinery...

[SECURITY] Fedora 44 Update: rust-sequoia-sop-0.37.3-3.fc44

An implementation of the Stateless OpenPGP Interface using Sequoia...

[SECURITY] Fedora 44 Update: rust-rpm-sequoia-1.10.2-2.fc44

An implementation of the RPM PGP interface using Sequoia...

Unity Linux 20.1060e / 20.1070e Security Update: libgcrypt (UTSA-2026-017437)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017437 advisory. The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous...

Unity Linux 20.1060e / 20.1070e Security Update: libgcrypt (UTSA-2026-017573)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017573 advisory. Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpipowm, and...

GHSA-2P6R-X3VV-XQM2 rpassword affected by partial password reveal when input is interrupted

rpassword maintainers were made aware of a possible issue with a partial password reveal when input is interrupted. To quote @squell: @conradkleinespel I've confirmed this problem with SequoiaPGP, which I think uses rpassword, e.g.: Suppose we use pkill -9 sq in a different terminal right after t...

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.14 for Quarkus 3.27 update is now available (RHBQ 3.27.3.SP1)

An update for Red Hat Build of Apache Camel 4.14 for Quarkus 3.27 update is now available RHBQ 3.27.3.SP1. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product...

Astra Linux - уязвимость в thunderbird

When receiving an email message signed with OpenPGP/MIME and containing an additional outer MIME message layer, such as a message footer added by a mailing list gateway, Thunderbird only considers the signed inner message for signature validity. This creates the false impression that the addition...

Astra Linux - уязвимость в thunderbird

Thunderbird unprotects a secret OpenPGP key before using it for decryption, signing, or key import tasks. If the task fails, the secret key may remain in memory in an unprotected state. This vulnerability affects Thunderbird versions earlier than 78.8.1...

Astra Linux - уязвимость в thunderbird

If a Thunderbird user has previously imported Alice’s OpenPGP key, and Alice has extended the validity period of her key, but Alice’s updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice’s key with an invalid subkey. In this case, Thunderbird...

Astra Linux - уязвимость в thunderbird

If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are protected. This vulnerability affects Thunderbird 78.10.2...

Astra Linux - уязвимость в libgcrypt20

The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's...

CLSA-2026-1777545003 rpm: Fix of CVE-2021-3521

CVE-2021-3521: validate and require subkey binding signatures on PGP public keys...

CLSA-2026-1777539405 rpm: Fix of CVE-2021-3521

CVE-2021-3521: validate and require subkey binding signatures on PGP public keys...

CLSA-2026-1777539108 rpm: Fix of CVE-2021-3521

CVE-2021-3521: validate and require subkey binding signatures on PGP public keys...

[SECURITY] Fedora 43 Update: rust-rpm-sequoia-1.10.2-1.fc43

An implementation of the RPM PGP interface using Sequoia...