Package "dirmngr"
Name: dirmngr
Description: GNU privacy guard - network certificate management service
Latest version: 2.4.4-2ubuntu17.3
Release: noble (24.04)
Level: security
Repository: main
Head package: gnupg2
Homepage: https://www.gnupg.org/
Changelog
gnupg2 (2.4.4-2ubuntu17.3) noble-security; urgency=medium

  * debian/patches/fix-key-validity-regression-due-to-CVE-2025-30258.patch:
    - Fix a key validity regression following patches for CVE-2025-30258,
      causing trusted "certify-only" primary keys to be ignored when checking
      signature on user IDs and computing key validity. This regression makes
      imported keys signed by a trusted "certify-only" key have an unknown
      validity (LP: #2114775).

 -- dcpi <dcpi@u22vm>  Thu, 26 Jun 2025 13:17:22 +0000
2114775: Key validity not computed when key is certified by a trusted \
CVE-2025-30258: In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect us

gnupg2 (2.4.4-2ubuntu17.2) noble-security; urgency=medium

  * SECURITY UPDATE: verification DoS via crafted subkey data
    - debian/patches/CVE-2025-30258-1.patch: lookup key for merging/
      inserting only by primary key in g10/getkey.c, g10/import.c,
      g10/keydb.h.
    - debian/patches/CVE-2025-30258-2.patch: remove a signature check
      function wrapper in g10/mainproc.c, g10/packet.h, g10/sig-check.c.
    - debian/patches/CVE-2025-30258-3.patch: fix a verification DoS due to
      a malicious subkey in the keyring in g10/getkey.c, g10/gpg.h,
      g10/keydb.h, g10/mainproc.c, g10/packet.h, g10/sig-check.c.
    - debian/patches/CVE-2025-30258-4.patch: fix regression for the recent
      malicious subkey DoS fix in g10/getkey.c, g10/packet.h.
    - debian/patches/CVE-2025-30258-5.patch: fix double free of internal
      data in g10/sig-check.c.
    - CVE-2025-30258

 -- Marc Deslauriers <email address hidden>  Fri, 28 Mar 2025 11:23:49 -0400
CVE-2025-30258: In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect us