Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 41: RNP Critical PKESK Decryption Issue CVE-2025-13402

fedora
Calendar Grey November 29, 2025
Dist Fedora Esm H88
Critical fix for RNP in Fedora 41 addresses all-zero PKESK session key issue, enhancing message encryption security.
Version 0.18.1 Security Fixed critical issue where PKESK (public-key encrypted) session keys were generated as all-zero, allowing trivial decryption of messages encrypted with publ...

Summary

RNP is a set of OpenPGP (RFC4880) tools.

Update Information:

Version 0.18.1 Security Fixed critical issue where PKESK (public-key encrypted) session keys were generated as all-zero, allowing trivial decryption of messages encrypted with public keys only (CVE-2025-13402)

Topics%20covered

Topics Covered

security advisory fedora critical decryption RNP pkesk

Change Log

* Fri Nov 21 2025 Remi Collet - 0.18.1-1 - update to 0.18.1 for CVE-2025-13402 - disable gpg check reported as https://github.com/rnpgp/rnp/issues/2375

References


[ 1 ] Bug #2415868 - CVE-2025-13402 rnp: RNP PKESK Session Keys Generated as All\u2011Zero [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2415868

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-bc8b81c28d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: rnp
Product: Fedora 41
Version: 0.18.1
Release: 1.fc41
URL: https://github.com/rnpgp/rnp
Summary: OpenPGP (RFC4880) tools

Topics%20covered

Topics Covered

security advisory fedora critical decryption RNP pkesk

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here