Description
Security update for gpg2
This update for gpg2 fixes the following issues:
- CVE-2025-68973: out-of-bounds write when processing specially crafted input in the armor parser can lead to memory corruption (bsc#1255715).
Other security fixes:
- gpg: Avoid potential downgrade to SHA1 in 3rd party key signatures (bsc#1256246).
- gpg: Error out on unverified output for non-detached signatures (bsc#1256244).
- gpg: Deprecate the option --not-dash-escaped (bsc#1256390).
Package list
openSUSE Leap 16.0
dirmngr-2.5.5-160000.3.1
gpg2-2.5.5-160000.3.1
gpg2-lang-2.5.5-160000.3.1
gpg2-tpm-2.5.5-160000.3.1
References
- SUSE Security Ratings
- SUSE Bug 1255715
- SUSE Bug 1256244
- SUSE Bug 1256246
- SUSE Bug 1256390
- SUSE CVE CVE-2025-68973 page
Description
In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)
Affected products
openSUSE Leap 16.0:dirmngr-2.5.5-160000.3.1
openSUSE Leap 16.0:gpg2-2.5.5-160000.3.1
openSUSE Leap 16.0:gpg2-lang-2.5.5-160000.3.1
openSUSE Leap 16.0:gpg2-tpm-2.5.5-160000.3.1
References
- CVE-2025-68973
- SUSE Bug 1255715