Package "gnupg2"
| Name: |
gnupg2
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description.
Description samples from packages in group:
- GNU privacy guard - network certificate management service
- GNU privacy guard - a free PGP replacement
- GNU privacy guard - localization files
- GNU privacy guard - utility programs
|
| Latest version: |
2.4.4-2ubuntu17.2 |
| Release: |
noble (24.04) |
| Level: |
updates |
| Repository: |
main |
Links
Other versions of "gnupg2" in Noble
Packages in group
Deleted packages are displayed in grey.
Changelog
|
gnupg2 (2.4.4-2ubuntu17.2) noble-security; urgency=medium
* SECURITY UPDATE: verification DoS via crafted subkey data
- debian/patches/CVE-2025-30258-1.patch: lookup key for merging/
inserting only by primary key in g10/getkey.c, g10/import.c,
g10/keydb.h.
- debian/patches/CVE-2025-30258-2.patch: remove a signature check
function wrapper in g10/mainproc.c, g10/packet.h, g10/sig-check.c.
- debian/patches/CVE-2025-30258-3.patch: fix a verification DoS due to
a malicious subkey in the keyring in g10/getkey.c, g10/gpg.h,
g10/keydb.h, g10/mainproc.c, g10/packet.h, g10/sig-check.c.
- debian/patches/CVE-2025-30258-4.patch: fix regression for the recent
malicious subkey DoS fix in g10/getkey.c, g10/packet.h.
- debian/patches/CVE-2025-30258-5.patch: fix double free of internal
data in g10/sig-check.c.
- CVE-2025-30258
-- Marc Deslauriers <email address hidden> Fri, 28 Mar 2025 11:23:49 -0400
|
| CVE-2025-30258 |
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect us |
|
About
-
Send Feedback to @ubuntu_updates
