Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

Ubuntu 18.04 LTS: GnuPG Keyring Corruption Issue USN-7412-3 CVE-2025-30258

ubuntu
Calendar Grey December 9, 2025
Dist Ubuntu Esm H88
GnuPG update for Ubuntu resolves critical keyring corruption issue through security advisory USN-7412-3.
GnuPG could be made to corrupt a keyring.

Summary

GnuPG could be made to corrupt a keyring.

Software Description:

- gnupg2: GNU privacy guard - a free PGP replacement

Details:

USN-7412-1 fixed a vulnerability in GnuPG. This update provides the

corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

It was discovered that GnuPG incorrectly handled importing keys with

certain crafted subkey data. If a user or automated system were tricked

into importing a specially crafted key, a remote attacker may prevent

users from importing other keys in the future.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
  gnupg                           2.2.4-1ubuntu1.6+esm1
                                  Available with Ubuntu Pro
  gnupg2                          2.2.4-1ubuntu1.6+esm1
                                  Available with Ubuntu Pro
  gpg                             2.2.4-1ubuntu1.6+esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  gnupg2                          2.1.11-6ubuntu2.1+esm2
                                  Available with Ubuntu Pro
  gpgv2                           2.1.11-6ubuntu2.1+esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7412-3

https://ubuntu.com/security/notices/USN-7412-2

https://ubuntu.com/security/notices/USN-7412-1

CVE-2025-30258

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7412-3

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here