Описание
Recommended update for gpg2
This update for gpg2 fixes the following issues:
- CVE-2025-30258: Fixed DoS due to a malicious subkey in the keyring (bsc#1239119).
Other bugfixes:
- Do not install expired sks certificate (bsc#1243069).
- gpg hangs when importing a key (bsc#1236931).
Список пакетов
Container bci/spack:0.23
gpg2-2.4.4-150600.3.9.1
Container containers/pytorch:2-nvidia
gpg2-2.4.4-150600.3.9.1
Container suse/cosign:latest
gpg2-2.4.4-150600.3.9.1
Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest
gpg2-2.4.4-150600.3.9.1
Container suse/sle15:15.6
gpg2-2.4.4-150600.3.9.1
Container suse/sle15:latest
gpg2-2.4.4-150600.3.9.1
Image SLES15-SP6-BYOS
gpg2-2.4.4-150600.3.9.1
Image SLES15-SP6-BYOS-Azure
gpg2-2.4.4-150600.3.9.1
Image SLES15-SP6-HPC-BYOS
gpg2-2.4.4-150600.3.9.1
Image SLES15-SP6-HPC-BYOS-Azure
gpg2-2.4.4-150600.3.9.1
Image SLES15-SP6-HPC-BYOS-EC2
gpg2-2.4.4-150600.3.9.1
Image SLES15-SP6-HPC-EC2
gpg2-2.4.4-150600.3.9.1
Image SLES15-SP6-Hardened-BYOS
gpg2-2.4.4-150600.3.9.1
Image SLES15-SP6-Hardened-BYOS-Azure
gpg2-2.4.4-150600.3.9.1
Image SLES15-SP6-SAP
gpg2-2.4.4-150600.3.9.1
Image SLES15-SP6-SAP-Azure
gpg2-2.4.4-150600.3.9.1
Image SLES15-SP6-SAP-Azure-3P
gpg2-2.4.4-150600.3.9.1
Image SLES15-SP6-SAP-BYOS
gpg2-2.4.4-150600.3.9.1
Image SLES15-SP6-SAP-BYOS-Azure
gpg2-2.4.4-150600.3.9.1
Image SLES15-SP6-SAP-Hardened
gpg2-2.4.4-150600.3.9.1
Image SLES15-SP6-SAP-Hardened-Azure
gpg2-2.4.4-150600.3.9.1
Image SLES15-SP6-SAP-Hardened-BYOS
gpg2-2.4.4-150600.3.9.1
Image SLES15-SP6-SAP-Hardened-BYOS-Azure
gpg2-2.4.4-150600.3.9.1
Image SLES15-SP6-SAPCAL
gpg2-2.4.4-150600.3.9.1
Image SLES15-SP6-SAPCAL-Azure
gpg2-2.4.4-150600.3.9.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
dirmngr-2.4.4-150600.3.9.1
gpg2-2.4.4-150600.3.9.1
gpg2-lang-2.4.4-150600.3.9.1
SUSE Linux Enterprise Module for Basesystem 15 SP7
dirmngr-2.4.4-150600.3.9.1
gpg2-2.4.4-150600.3.9.1
gpg2-lang-2.4.4-150600.3.9.1
openSUSE Leap 15.6
dirmngr-2.4.4-150600.3.9.1
gpg2-2.4.4-150600.3.9.1
gpg2-lang-2.4.4-150600.3.9.1
gpg2-tpm-2.4.4-150600.3.9.1
Ссылки
- Link for SUSE-SU-2025:02259-1
- E-Mail link for SUSE-SU-2025:02259-1
- SUSE Security Ratings
- SUSE Bug 1236931
- SUSE Bug 1239119
- SUSE Bug 1239817
- SUSE CVE CVE-2025-30258 page
Описание
In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
Затронутые продукты
Container bci/spack:0.23:gpg2-2.4.4-150600.3.9.1
Container containers/pytorch:2-nvidia:gpg2-2.4.4-150600.3.9.1
Container suse/cosign:latest:gpg2-2.4.4-150600.3.9.1
Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest:gpg2-2.4.4-150600.3.9.1
Ссылки
- CVE-2025-30258
- SUSE Bug 1239817