Alerts This Week
Warning Icon 1 1,308
Alerts This Week
Warning Icon 1 1,308

Ubuntu 25.10: GnuPG Critical Remote Code Exec Vulnerability USN-7946-1

ubuntu
Calendar Grey January 8, 2026
Dist Ubuntu Esm H88
A critical security notice for Ubuntu's GnuPG highlights a remote crash issue from crafted network traffic.
GnuPG could be made to crash or run programs if it received specially crafted network traffic.

Summary

GnuPG could be made to crash or run programs if it received

specially crafted network traffic.

Software Description:

- gnupg2: GNU privacy guard - a free PGP replacement

Details:

It was discovered that GnuPG incorrectly handled crafted input.

A remote attacker could possibly use this issue to crash the program,

or execute arbitrary code.

Topics%20covered

Topics Covered

security advisory gnupg critical remote code execution Ubuntu network traffic

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  gnupg                           2.4.8-2ubuntu2.1
  gnupg2                          2.4.8-2ubuntu2.1
  gpg                             2.4.8-2ubuntu2.1

Ubuntu 25.04
  gnupg                           2.4.4-2ubuntu23.2
  gnupg2                          2.4.4-2ubuntu23.2
  gpg                             2.4.4-2ubuntu23.2

Ubuntu 24.04 LTS
  gnupg                           2.4.4-2ubuntu17.4
  gnupg2                          2.4.4-2ubuntu17.4
  gpg                             2.4.4-2ubuntu17.4

Ubuntu 22.04 LTS
  gnupg                           2.2.27-3ubuntu2.5
  gnupg2                          2.2.27-3ubuntu2.5
  gpg                             2.2.27-3ubuntu2.5

Ubuntu 20.04 LTS
  gnupg                           2.2.19-3ubuntu2.5+esm1
                                  Available with Ubuntu Pro
  gnupg2                          2.2.19-3ubuntu2.5+esm1
                                  Available with Ubuntu Pro
  gpg                             2.2.19-3ubuntu2.5+esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  gnupg                           2.2.4-1ubuntu1.6+esm2
                                  Available with Ubuntu Pro
  gnupg2                          2.2.4-1ubuntu1.6+esm2
                                  Available with Ubuntu Pro
  gpg                             2.2.4-1ubuntu1.6+esm2
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  gnupg2                          2.1.11-6ubuntu2.1+esm3
                                  Available with Ubuntu Pro
  gpgv2                           2.1.11-6ubuntu2.1+esm3
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7946-1

CVE-2025-68973

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7946-1

Topics%20covered

Topics Covered

security advisory gnupg critical remote code execution Ubuntu network traffic

Package Information

https://launchpad.net/ubuntu/+source/gnupg2/2.4.8-2ubuntu2.1
https://launchpad.net/ubuntu/+source/gnupg2/2.4.4-2ubuntu23.2
https://launchpad.net/ubuntu/+source/gnupg2/2.2.27-3ubuntu2.5

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here