Описание
Security update for gpg2
This update for gpg2 fixes the following issues:
- CVE-2025-68973: Fixed possile memory corruption in the armor parser [T7906] (bsc#1255715)
- Fixed GnuPG Accepting Path Separators and Path Traversals in Literal Data (bsc#1256389)
- Fixed Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG (bsc#1256390)
- Fixed error out on unverified output for non-detached signatures [T7903] (bsc#1256244)
Список пакетов
Container suse/ltss/sle12.5/sles12sp5:latest
gpg2-2.0.24-9.17.1
SUSE Linux Enterprise Server 12 SP5-LTSS
gpg2-2.0.24-9.17.1
gpg2-lang-2.0.24-9.17.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
gpg2-2.0.24-9.17.1
gpg2-lang-2.0.24-9.17.1
Ссылки
- Link for SUSE-SU-2026:0378-1
- E-Mail link for SUSE-SU-2026:0378-1
- SUSE Security Ratings
- SUSE Bug 1255715
- SUSE Bug 1256244
- SUSE Bug 1256389
- SUSE Bug 1256390
- SUSE CVE CVE-2025-68973 page
Описание
In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)
Затронутые продукты
Container suse/ltss/sle12.5/sles12sp5:latest:gpg2-2.0.24-9.17.1
SUSE Linux Enterprise Server 12 SP5-LTSS:gpg2-2.0.24-9.17.1
SUSE Linux Enterprise Server 12 SP5-LTSS:gpg2-lang-2.0.24-9.17.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:gpg2-2.0.24-9.17.1
Ссылки
- CVE-2025-68973
- SUSE Bug 1255715