GnuPG could be made to corrupt a keyring.
Software Description:
- gnupg2: GNU privacy guard - a free PGP replacement
Details:
It was discovered that GnuPG incorrectly handled importing keys with
certain crafted subkey data. If a user or automated system were tricked
into importing a specially crafted key, a remote attacker may prevent users
from importing other keys in the future.
The problem can be corrected by updating your system to the following package versions: Ubuntu 24.10 gnupg 2.4.4-2ubuntu18.2 gnupg2 2.4.4-2ubuntu18.2 gpg 2.4.4-2ubuntu18.2 Ubuntu 24.04 LTS gnupg 2.4.4-2ubuntu17.2 gnupg2 2.4.4-2ubuntu17.2 gpg 2.4.4-2ubuntu17.2 Ubuntu 22.04 LTS gnupg 2.2.27-3ubuntu2.3 gnupg2 2.2.27-3ubuntu2.3 gpg 2.2.27-3ubuntu2.3 Ubuntu 20.04 LTS gnupg 2.2.19-3ubuntu2.4 gnupg2 2.2.19-3ubuntu2.4 gpg 2.2.19-3ubuntu2.4 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-7412-1
CVE-2025-30258
Get the latest Linux and open source security news straight to your inbox.