Thursday, April 3, 2025

[USN-7412-1] GnuPG vulnerability

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmfur0QFAwAAAAAACgkQZWnYVadEvpPK
Xg//Sn8aqULE72GSBdEuINFbgc99pMu+6O1/EtlA8f8yGffwHvR/2k6wW6LrI02zuodJq9orkm+6
W+DraXY824SMdfQhv/WL/F7DKVWoRbMH8uGmIbQU++92/CJmVXxc+VlEXzejyZXw71cJbj3t0xJZ
L3ckhTP0pMK4/YWWkudP3DPLkuG462A0p4nhZzl9YhQpE0jTHDp4WjiDHDHM5CwFc/kvBgNFSPBs
SCWLADk7e6DBgDgblJBRXmzEsyVLDd+yGYLbikfQBTM1esJq8mfzsVRrMq6qcyQFfhLXIkO5CrJv
//kFoSIUVSc6n4FNoEC/4sBm9cwBvtfoaShjlfjvLSwW6RRqmcO+D67/FzgpUi0yZ2d949qRlBDZ
jYGTpAySRUu/GN6iAh+rP1eWImz4JhCUINoET6RO7h/v8jfd9wyuCG5zW2TRXJqYyTE9qB1OmP4G
ydidxISeXro2sGI7+jE6Qywr6LofPXsTVz5JiKzpOdJts9rCdt0eb7+Mv5sSCGagC9BkRQsIQ7d4
XAbhBBRZxGDOC8Hu6CVg9nWuyJ+02hXWwW7LxqAn4koAw5eXgcQcBghXF91kFq1a0Risx7d8pWhw
jT/v+VfhaQ06hR0Sn4IV74qv48957krYYs98xxMSJ4ImjBWihyU8/IbSwehAW5LE/GLrcochsWLY
3U0=
=nYen
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7412-1
April 03, 2025

gnupg2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

GnuPG could be made to corrupt a keyring.

Software Description:
- gnupg2: GNU privacy guard - a free PGP replacement

Details:

It was discovered that GnuPG incorrectly handled importing keys with
certain crafted subkey data. If a user or automated system were tricked
into importing a specially crafted key, a remote attacker may prevent users
from importing other keys in the future.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
gnupg 2.4.4-2ubuntu18.2
gnupg2 2.4.4-2ubuntu18.2
gpg 2.4.4-2ubuntu18.2

Ubuntu 24.04 LTS
gnupg 2.4.4-2ubuntu17.2
gnupg2 2.4.4-2ubuntu17.2
gpg 2.4.4-2ubuntu17.2

Ubuntu 22.04 LTS
gnupg 2.2.27-3ubuntu2.3
gnupg2 2.2.27-3ubuntu2.3
gpg 2.2.27-3ubuntu2.3

Ubuntu 20.04 LTS
gnupg 2.2.19-3ubuntu2.4
gnupg2 2.2.19-3ubuntu2.4
gpg 2.2.19-3ubuntu2.4

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7412-1
CVE-2025-30258

Package Information:
https://launchpad.net/ubuntu/+source/gnupg2/2.4.4-2ubuntu18.2
https://launchpad.net/ubuntu/+source/gnupg2/2.4.4-2ubuntu17.2
https://launchpad.net/ubuntu/+source/gnupg2/2.2.27-3ubuntu2.3
https://launchpad.net/ubuntu/+source/gnupg2/2.2.19-3ubuntu2.4

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)