Fedora 43 gnupg2 Critical Buffer Overflow Fix CVE-2026-24882
fedora
February 5, 2026
Fix CVE-2026-24882: Stack-based buffer overflow in tpm2daemon allows arbitrary code execution
Summary
GnuPG is GNU's tool for secure communication and data storage. It can
be used to encrypt data and to create digital signatures. It includes
an advanced key management facility and is compliant with the proposed
OpenPGP Internet standard as described in RFC2440 and the S/MIME
standard as described by several RFCs.
GnuPG 2.0 is a newer version of GnuPG with additional support for
S/MIME. It has a different design philosophy that splits
functionality up into several modules. The S/MIME and smartcard functionality
is provided by the gnupg2-smime package.
Update Information:
Fix CVE-2026-24882: Stack-based buffer overflow in tpm2daemon allows arbitrary code execution
Topics Covered
Change Log
* Wed Jan 28 2026 Jakub Jelen
References
[ 1 ] Bug #2433665 - CVE-2026-24882 gnupg2: GnuPG: Stack-based buffer overflow in tpm2daemon allows arbitrary code execution [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2433665
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-d5c00a447f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: gnupg2
Product: Fedora 43
Version: 2.4.9
Release: 5.fc43
Summary: Utility for secure communication and data storage
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!