Package "gpgsm"

Name:	gpgsm
Description:	GNU privacy guard - S/MIME version
Latest version:	2.4.4-2ubuntu17.2
Release:	noble (24.04)
Level:	security
Repository:	main
Head package:	gnupg2
Homepage:	https://www.gnupg.org/

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Download "gpgsm"

32-bit deb package

64-bit deb package

APT INSTALL

Other versions of "gpgsm" in Noble

Repository	Area	Version
base	main	2.4.4-2ubuntu17
updates	main	2.4.4-2ubuntu17.2

Changelog

Version: 2.4.4-2ubuntu17.2 2025-04-03 16:07:13 UTC

gnupg2 (2.4.4-2ubuntu17.2) noble-security; urgency=medium * SECURITY UPDATE: verification DoS via crafted subkey data - debian/patches/CVE-2025-30258-1.patch: lookup key for merging/ inserting only by primary key in g10/getkey.c, g10/import.c, g10/keydb.h. - debian/patches/CVE-2025-30258-2.patch: remove a signature check function wrapper in g10/mainproc.c, g10/packet.h, g10/sig-check.c. - debian/patches/CVE-2025-30258-3.patch: fix a verification DoS due to a malicious subkey in the keyring in g10/getkey.c, g10/gpg.h, g10/keydb.h, g10/mainproc.c, g10/packet.h, g10/sig-check.c. - debian/patches/CVE-2025-30258-4.patch: fix regression for the recent malicious subkey DoS fix in g10/getkey.c, g10/packet.h. - debian/patches/CVE-2025-30258-5.patch: fix double free of internal data in g10/sig-check.c. - CVE-2025-30258 -- Marc Deslauriers <email address hidden> Fri, 28 Mar 2025 11:23:49 -0400

CVE-2025-30258

In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect us

About - Send Feedback to @ubuntu_updates

Package "gpgsm"

Links

Download "gpgsm"

Other versions of "gpgsm" in Noble

Changelog

Share this page

Bookmarks

Latest updates

proposed

updates

security

PPA updates