Explore top 10 tips to secure your open-source projects now. Read More
×
USN-7412-1 introduced a regression in GnuPG.
Software Description:
- gnupg2: GNU privacy guard - a free PGP replacement
Details:
USN-7412-1 fixed vulnerabilities in GnuPG. The update introduced a
regression. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that GnuPG incorrectly handled importing keys with
certain crafted subkey data. If a user or automated system were tricked
into importing a specially crafted key, a remote attacker may prevent
users from importing other keys in the future.
The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 gnupg 2.4.4-2ubuntu23.1 gnupg2 2.4.4-2ubuntu23.1 gpg 2.4.4-2ubuntu23.1 Ubuntu 24.10 gnupg 2.4.4-2ubuntu18.3 gnupg2 2.4.4-2ubuntu18.3 gpg 2.4.4-2ubuntu18.3 Ubuntu 24.04 LTS gnupg 2.4.4-2ubuntu17.3 gnupg2 2.4.4-2ubuntu17.3 gpg 2.4.4-2ubuntu17.3 Ubuntu 22.04 LTS gnupg 2.2.27-3ubuntu2.4 gnupg2 2.2.27-3ubuntu2.4 gpg 2.2.27-3ubuntu2.4 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-7412-2
https://ubuntu.com/security/notices/USN-7412-1
https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/2114775
Get the latest Linux and open source security news straight to your inbox.