157 matches found
CLSA-2026-1777545003 rpm: Fix of CVE-2021-3521
CVE-2021-3521: validate and require subkey binding signatures on PGP public keys...
CLSA-2026-1777539405 rpm: Fix of CVE-2021-3521
CVE-2021-3521: validate and require subkey binding signatures on PGP public keys...
CLSA-2026-1777539108 rpm: Fix of CVE-2021-3521
CVE-2021-3521: validate and require subkey binding signatures on PGP public keys...
CLSA-2026-1776159098 Fix CVE(s): CVE-2025-30258
SECURITY UPDATE: signature verification DoS via malicious subkey - debian/patches/CVE-2025-30258.patch: require signing usage when looking up public key for signature verification, filtering out subkeys without valid backsig. Include upstream regression fixes to preserve verification of signature...
CLSA-2026-1775119189 gnupg2: Fix of CVE-2025-30258
CVE-2025-30258: fix verification DoS due to a malicious subkey in the keyring...
CLSA-2026-1774612633 gnupg2: Fix of CVE-2025-30258
CVE-2025-30258: fix verification DoS due to a malicious subkey in the keyring...
EulerOS Virtualization 2.12.1 : gnupg2 (EulerOS-SA-2026-1427)
According to the versions of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In GnuPG before 2.4.9, armorfilter in g10/armor.c has two increments of an index variable where one is intended, leading to an...
CLSA-2026-1772571803 munge: Fix of CVE-2026-25506
CVE-2026-25506: fix buffer overflow in message parsing and add bounds checks and input validation for address length; prevent leak of cryptographic MAC subkey and forging of arbitrary credentials...
SUSE CVE-2026-25506
MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...
AZL-77451 CVE-2026-25506 affecting package munge for versions less than 0.5.18-1
MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...
AZL-77444 CVE-2026-25506 affecting package munge for versions less than 0.5.18-1
MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...
CVE-2026-25506
MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...
CVE-2026-25506
MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...
CVE-2026-25506
MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...
CVE-2026-25506
MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak cryptographic key material from process memory. With the leaked key material, the...
Linux Distros Unpatched Vulnerability : CVE-2026-25506
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability ...
EulerOS Virtualization 2.10.0 : gnupg2 (EulerOS-SA-2026-1168)
According to the versions of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that...
Siemens Ruggedcom ROX Improper Input Validation (CVE-2018-9234)
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. This plugin only works with Tenable.ot. Please visit...
USN-7412-3: GnuPG vulnerability
USN-7412-1 fixed a vulnerability in GnuPG. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that GnuPG incorrectly handled importing keys with certain crafted subkey data. If a user or automated system were trick...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: gnupg2 (UTSA-2025-991068)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991068 advisory. In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the...