Fedora 42 gnupg2 Critical Stack Overflow Vulnerability for Code Execution
fedora
February 17, 2026
Fix CVE-2026-24882: Stack-based buffer overflow in tpm2daemon allows arbitrary code execution
Summary
GnuPG is GNU's tool for secure communication and data storage. It can
be used to encrypt data and to create digital signatures. It includes
an advanced key management facility and is compliant with the proposed
OpenPGP Internet standard as described in RFC2440 and the S/MIME
standard as described by several RFCs.
GnuPG 2.0 is a newer version of GnuPG with additional support for
S/MIME. It has a different design philosophy that splits
functionality up into several modules. The S/MIME and smartcard functionality
is provided by the gnupg2-smime package.
Update Information:
Fix CVE-2026-24882: Stack-based buffer overflow in tpm2daemon allows arbitrary code execution
Topics Covered
Change Log
* Tue Feb 3 2026 Jakub Jelen
References
[ 1 ] Bug #2433663 - CVE-2026-24882 gnupg2: GnuPG: Stack-based buffer overflow in tpm2daemon allows arbitrary code execution [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2433663
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-59fdfa64f5' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Name: gnupg2
Product: Fedora 42
Version: 2.4.9
Release: 2.fc42
Summary: Utility for secure communication and data storage
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!