Description
Security update for gpg2
This update for gpg2 fixes the following issues:
Security fixes:
- CVE-2026-24882: Fixed stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys (bsc#1257396)
- Fixed GnuPG accepting Path Separators and Path Traversals in Literal Data 'Filename' Field (bsc#1256389)
Package list
SUSE Linux Enterprise Module for Basesystem 15 SP7
dirmngr-2.4.4-150600.3.15.1
gpg2-2.4.4-150600.3.15.1
gpg2-lang-2.4.4-150600.3.15.1
SUSE Linux Enterprise Server 15 SP6-LTSS
dirmngr-2.4.4-150600.3.15.1
gpg2-2.4.4-150600.3.15.1
gpg2-lang-2.4.4-150600.3.15.1
SUSE Linux Enterprise Server for SAP Applications 15 SP6
dirmngr-2.4.4-150600.3.15.1
gpg2-2.4.4-150600.3.15.1
gpg2-lang-2.4.4-150600.3.15.1
openSUSE Leap 15.6
dirmngr-2.4.4-150600.3.15.1
gpg2-2.4.4-150600.3.15.1
gpg2-lang-2.4.4-150600.3.15.1
gpg2-tpm-2.4.4-150600.3.15.1
References
- Link for SUSE-SU-2026:0434-1
- E-Mail link for SUSE-SU-2026:0434-1
- SUSE Security Ratings
- SUSE Bug 1256389
- SUSE Bug 1257396
- SUSE CVE CVE-2026-24882 page
Description
In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.
Affected products
SUSE Linux Enterprise Module for Basesystem 15 SP7:dirmngr-2.4.4-150600.3.15.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:gpg2-2.4.4-150600.3.15.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:gpg2-lang-2.4.4-150600.3.15.1
SUSE Linux Enterprise Server 15 SP6-LTSS:dirmngr-2.4.4-150600.3.15.1
References
- CVE-2026-24882
- SUSE Bug 1257396