
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Ubuntu 18.04 LTS: GnuPG Keyring Corruption Issue USN-7412-3 CVE-2025-30258

GnuPG could be made to corrupt a keyring.

==========================================================================
Ubuntu Security Notice USN-7412-3
December 09, 2025

gnupg2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

GnuPG could be made to corrupt a keyring.

Software Description:

- gnupg2: GNU privacy guard - a free PGP replacement

Details:

USN-7412-1 fixed a vulnerability in GnuPG. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

It was discovered that GnuPG incorrectly handled importing keys with certain crafted subkey data. If a user or automated system were tricked into importing a specially crafted key, a remote attacker may prevent users from importing other keys in the future.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
  gnupg 2.2.4-1ubuntu1.6+esm1 Available with Ubuntu Pro
  gnupg2 2.2.4-1ubuntu1.6+esm1 Available with Ubuntu Pro
  gpg 2.2.4-1ubuntu1.6+esm1 Available with Ubuntu Pro

Ubuntu 16.04 LTS
  gnupg2 2.1.11-6ubuntu2.1+esm2 Available with Ubuntu Pro
  gpgv2 2.1.11-6ubuntu2.1+esm2 Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:

  https://ubuntu.com/security/notices/USN-7412-3
  https://ubuntu.com/security/notices/USN-7412-2
  https://ubuntu.com/security/notices/USN-7412-1
  CVE-2025-30258

GnuPG update for Ubuntu resolves critical keyring corruption issue through security advisory USN-7412-3.

GnuPG Update, Ubuntu Security, Keyring Corruption, Remote Access.

Severity: Critical.

LinuxSecurity.com Team

Dec 09, 2025 Critical Ubuntu

Ubuntu 24.10-20.04 LTS: USN-7412-1 moderate: GnuPG keyring corruption

GnuPG could be made to corrupt a keyring.

==========================================================================
Ubuntu Security Notice USN-7412-1
April 03, 2025

gnupg2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

GnuPG could be made to corrupt a keyring.

Software Description:

- gnupg2: GNU privacy guard - a free PGP replacement

Details:

It was discovered that GnuPG incorrectly handled importing keys with certain crafted subkey data. If a user or automated system were tricked into importing a specially crafted key, a remote attacker may prevent users from importing other keys in the future.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.10
  gnupg 2.4.4-2ubuntu18.2
  gnupg2 2.4.4-2ubuntu18.2
  gpg 2.4.4-2ubuntu18.2

Ubuntu 24.04 LTS
  gnupg 2.4.4-2ubuntu17.2
  gnupg2 2.4.4-2ubuntu17.2
  gpg 2.4.4-2ubuntu17.2

Ubuntu 22.04 LTS
  gnupg 2.2.27-3ubuntu2.3
  gnupg2 2.2.27-3ubuntu2.3
  gpg 2.2.27-3ubuntu2.3

Ubuntu 20.04 LTS
  gnupg 2.2.19-3ubuntu2.4
  gnupg2 2.2.19-3ubuntu2.4
  gpg 2.2.19-3ubuntu2.4

In general, a standard system update will make all the necessary changes.

References:

  https://ubuntu.com/security/notices/USN-7412-1
  CVE-2025-30258

Package Information:

  https://launchpad.net/ubuntu/+source/gnupg2/2.4.4-2ubuntu18.2
  https://launchpad.net/ubuntu/+source/gnupg2/2.4.4-2ubuntu17.2
  https://launchpad.net/ubuntu/+source/gnupg2/2.2.27-3ubuntu2.3
  https://launchpad.net/ubuntu/+source/gnupg2/2.2.19-3ubuntu2.4

This advisory outlines vulnerabilities in GnuPG on Ubuntu, urging users to update packages and reconfigure keyrings to prevent keyring corruption risks.

GnuPG Keyring Corruption, Ubuntu Security Fix, gnupg Software Update.

LinuxSecurity.com Team

Apr 03, 2025 Ubuntu

Scientific Linux SL5: SLSA-2013:1458-1 Moderate GnuPG Security Advisory

Moderate: gnupg security update.

Date: Thu, 24 Oct 2013 16:49:49 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: Security ERRATA Moderate: gnupg on SL5.x i386/x86_64
MIME-Version: 1.0

Synopsis: Moderate: gnupg security update
Advisory ID: SLSA-2013:1458-1
Issue Date: 2013-10-24
CVE Numbers: CVE-2012-6085 CVE-2013-4351 CVE-2013-4402 CVE-2013-4242
--

It was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload cache side-channel attack on the RSA secret exponent. An attacker able to execute a process on the logical CPU that shared the L3 cache with the GnuPG process (such as a different local user or a user of a KVM guest running on the same host with the kernel same-page merging functionality enabled) could possibly use this flaw to obtain portions of the RSA secret key. (CVE-2013-4242)

A denial of service flaw was found in the way GnuPG parsed certain compressed OpenPGP packets. An attacker could use this flaw to send specially crafted input data to GnuPG, making GnuPG enter an infinite loop when parsing data. (CVE-2013-4402)

It was found that importing a corrupted public key into a GnuPG keyring database corrupted that keyring. An attacker could use this flaw to trick a local user into importing a specially crafted public key into their keyring database, causing the keyring to be corrupted and preventing its further use. (CVE-2012-6085)

It was found that GnuPG did not properly interpret the key flags in a PGP key packet. GPG could accept a key for uses not indicated by its holder. (CVE-2013-4351)
--

SL5
  x86_64
    gnupg-1.4.5-18.el5_10.x86_64.rpm
    gnupg-debuginfo-1.4.5-18.el5_10.x86_64.rpm
  i386
    gnupg-1.4.5-18.el5_10.i386.rpm
    gnupg-debuginfo-1.4.5-18.el5_10.i386.rpm

- Scientific Linux Development Team

A security patch for GnuPG tackles moderate vulnerabilities, which include potential denial of service attacks and keyring data corruption risks.

gnupg update, Scientific Linux security, moderate advisory.

LinuxSecurity.com Team

Oct 24, 2013 Scientific Linux

Red Hat Enterprise Linux 5 & 6 RHSA-2013:1459-01 Moderate GnuPG2 Update

An updated gnupg2 package that fixes three security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate [More...].

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: gnupg2 security update
Advisory ID:       RHSA-2013:1459-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2013:1459.html
Issue date:        2013-10-24
CVE Names:         CVE-2012-6085 CVE-2013-4351 CVE-2013-4402
====================================================================

1. Summary:

An updated gnupg2 package that fixes three security issues is now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard.

A denial of service flaw was found in the way GnuPG parsed certain compressed OpenPGP packets. An attacker could use this flaw to send specially crafted input data to GnuPG, making GnuPG enter an infinite loop when parsing data. (CVE-2013-4402)

It was found that importing a corrupted public key into a GnuPG keyring database corrupted that keyring. An attacker could use this flaw to trick a local user into importing a specially crafted public key into their keyring database, causing the keyring to be corrupted and preventing its further use. (CVE-2012-6085)

It was found that GnuPG did not properly interpret the key flags in a PGP key packet. GPG could accept a key for uses not indicated by its holder. (CVE-2013-4351)

Red Hat would like to thank Werner Koch for reporting the CVE-2013-4402 issue. Upstream acknowledges Taylor R Campbell as the original reporter.

All gnupg2 users are advised to upgrade to this updated package, which contains backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

891142 - CVE-2012-6085 GnuPG: read_block() corrupt key input validation
1010137 - CVE-2013-4351 gnupg: treats no-usage-permitted keys as all-usages-permitted
1015685 - CVE-2013-4402 GnuPG: infinite recursion in the compressed packet parser DoS

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:

i386:
gnupg2-2.0.10-6.el5_10.i386.rpm
gnupg2-debuginfo-2.0.10-6.el5_10.i386.rpm

x86_64:
gnupg2-2.0.10-6.el5_10.x86_64.rpm
gnupg2-debuginfo-2.0.10-6.el5_10.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:

i386:
gnupg2-2.0.10-6.el5_10.i386.rpm
gnupg2-debuginfo-2.0.10-6.el5_10.i386.rpm

ia64:
gnupg2-2.0.10-6.el5_10.ia64.rpm
gnupg2-debuginfo-2.0.10-6.el5_10.ia64.rpm

ppc:
gnupg2-2.0.10-6.el5_10.ppc.rpm
gnupg2-debuginfo-2.0.10-6.el5_10.ppc.rpm

s390x:
gnupg2-2.0.10-6.el5_10.s390x.rpm
gnupg2-debuginfo-2.0.10-6.el5_10.s390x.rpm

x86_64:
gnupg2-2.0.10-6.el5_10.x86_64.rpm
gnupg2-debuginfo-2.0.10-6.el5_10.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:

i386:
gnupg2-2.0.14-6.el6_4.i686.rpm
gnupg2-debuginfo-2.0.14-6.el6_4.i686.rpm

x86_64:
gnupg2-2.0.14-6.el6_4.x86_64.rpm
gnupg2-debuginfo-2.0.14-6.el6_4.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:

i386:
gnupg2-debuginfo-2.0.14-6.el6_4.i686.rpm
gnupg2-smime-2.0.14-6.el6_4.i686.rpm

x86_64:
gnupg2-debuginfo-2.0.14-6.el6_4.x86_64.rpm
gnupg2-smime-2.0.14-6.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:

x86_64:
gnupg2-2.0.14-6.el6_4.x86_64.rpm
gnupg2-debuginfo-2.0.14-6.el6_4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:

x86_64:
gnupg2-debuginfo-2.0.14-6.el6_4.x86_64.rpm
gnupg2-smime-2.0.14-6.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:

i386:
gnupg2-2.0.14-6.el6_4.i686.rpm
gnupg2-debuginfo-2.0.14-6.el6_4.i686.rpm

ppc64:
gnupg2-2.0.14-6.el6_4.ppc64.rpm
gnupg2-debuginfo-2.0.14-6.el6_4.ppc64.rpm

s390x:
gnupg2-2.0.14-6.el6_4.s390x.rpm
gnupg2-debuginfo-2.0.14-6.el6_4.s390x.rpm

x86_64:
gnupg2-2.0.14-6.el6_4.x86_64.rpm
gnupg2-debuginfo-2.0.14-6.el6_4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:

i386:
gnupg2-debuginfo-2.0.14-6.el6_4.i686.rpm
gnupg2-smime-2.0.14-6.el6_4.i686.rpm

ppc64:
gnupg2-debuginfo-2.0.14-6.el6_4.ppc64.rpm
gnupg2-smime-2.0.14-6.el6_4.ppc64.rpm

s390x:
gnupg2-debuginfo-2.0.14-6.el6_4.s390x.rpm
gnupg2-smime-2.0.14-6.el6_4.s390x.rpm

x86_64:
gnupg2-debuginfo-2.0.14-6.el6_4.x86_64.rpm
gnupg2-smime-2.0.14-6.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:

i386:
gnupg2-2.0.14-6.el6_4.i686.rpm
gnupg2-debuginfo-2.0.14-6.el6_4.i686.rpm

x86_64:
gnupg2-2.0.14-6.el6_4.x86_64.rpm
gnupg2-debuginfo-2.0.14-6.el6_4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:

i386:
gnupg2-debuginfo-2.0.14-6.el6_4.i686.rpm
gnupg2-smime-2.0.14-6.el6_4.i686.rpm

x86_64:
gnupg2-debuginfo-2.0.14-6.el6_4.x86_64.rpm
gnupg2-smime-2.0.14-6.el6_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/cve/CVE-2012-6085
https://access.redhat.com/security/cve/CVE-2013-4351
https://access.redhat.com/security/cve/CVE-2013-4402
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2013 Red Hat, Inc.

This notification outlines a significant security enhancement for gnupg2 aimed at resolving keyring integrity and denial of service vulnerabilities.

RedHat, GnuPG, SecurityUpdate, KeyringIssue, DoSImpact.

LinuxSecurity.com Team

Oct 24, 2013 Red Hat

Red Hat Linux 5 RHSA-2013:1458-01 Moderate: GnuPG DoS and Cache Attack

An updated gnupg package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate [More...].

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: gnupg security update
Advisory ID:       RHSA-2013:1458-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2013:1458.html
Issue date:        2013-10-24
CVE Names:         CVE-2012-6085 CVE-2013-4242 CVE-2013-4351 CVE-2013-4402
====================================================================

1. Summary:

An updated gnupg package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard.

It was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload cache side-channel attack on the RSA secret exponent. An attacker able to execute a process on the logical CPU that shared the L3 cache with the GnuPG process (such as a different local user or a user of a KVM guest running on the same host with the kernel same-page merging functionality enabled) could possibly use this flaw to obtain portions of the RSA secret key. (CVE-2013-4242)

A denial of service flaw was found in the way GnuPG parsed certain compressed OpenPGP packets. An attacker could use this flaw to send specially crafted input data to GnuPG, making GnuPG enter an infinite loop when parsing data. (CVE-2013-4402)

It was found that importing a corrupted public key into a GnuPG keyring database corrupted that keyring. An attacker could use this flaw to trick a local user into importing a specially crafted public key into their keyring database, causing the keyring to be corrupted and preventing its further use. (CVE-2012-6085)

It was found that GnuPG did not properly interpret the key flags in a PGP key packet. GPG could accept a key for uses not indicated by its holder. (CVE-2013-4351)

Red Hat would like to thank Werner Koch for reporting the CVE-2013-4402 issue. Upstream acknowledges Taylor R Campbell as the original reporter.

All gnupg users are advised to upgrade to this updated package, which contains backported patches to correct these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

891142 - CVE-2012-6085 GnuPG: read_block() corrupt key input validation
988589 - CVE-2013-4242 GnuPG susceptible to Yarom/Falkner flush+reload cache side-channel attack
1010137 - CVE-2013-4351 gnupg: treats no-usage-permitted keys as all-usages-permitted
1015685 - CVE-2013-4402 GnuPG: infinite recursion in the compressed packet parser DoS

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:

i386:
gnupg-1.4.5-18.el5_10.i386.rpm
gnupg-debuginfo-1.4.5-18.el5_10.i386.rpm

x86_64:
gnupg-1.4.5-18.el5_10.x86_64.rpm
gnupg-debuginfo-1.4.5-18.el5_10.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:

i386:
gnupg-1.4.5-18.el5_10.i386.rpm
gnupg-debuginfo-1.4.5-18.el5_10.i386.rpm

ia64:
gnupg-1.4.5-18.el5_10.ia64.rpm
gnupg-debuginfo-1.4.5-18.el5_10.ia64.rpm

ppc:
gnupg-1.4.5-18.el5_10.ppc.rpm
gnupg-debuginfo-1.4.5-18.el5_10.ppc.rpm

s390x:
gnupg-1.4.5-18.el5_10.s390x.rpm
gnupg-debuginfo-1.4.5-18.el5_10.s390x.rpm

x86_64:
gnupg-1.4.5-18.el5_10.x86_64.rpm
gnupg-debuginfo-1.4.5-18.el5_10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://access.redhat.com/security/cve/CVE-2012-6085
https://access.redhat.com/security/cve/CVE-2013-4242
https://access.redhat.com/security/cve/CVE-2013-4351
https://access.redhat.com/security/cve/CVE-2013-4402
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2013 Red Hat, Inc.

Oracle has issued a significant patch for openjdk responding to critical vulnerabilities in Oracle Linux 7.

gnupg Security, Red Hat Update, Data Protection, Moderate Security.

LinuxSecurity.com Team

Oct 24, 2013 Red Hat