MGASA-2026-0197
- Source
- https://advisories.mageia.org/MGASA-2026-0197.html
- Import Source
- https://advisories.mageia.org/MGASA-2026-0197.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2026-0197
- Upstream
- Published
- 2026-06-11T16:55:52Z
- Modified
- 2026-06-11T17:00:07.270871397Z
- Summary
- Updated gnupg2 packages fix security vulnerabilities
- Details
-
CVE-2025-68973, armorfilter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. CVE-2026-24882, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys. CVE-2026-24883, a long signature packet length causes parsesignature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash). Upstream has still not fixed CVE-2025-68972. We will be tracking the solution and providing an update to fix it when possible.
- References
-
- https://advisories.mageia.org/MGASA-2026-0197.html
- https://bugs.mageia.org/show_bug.cgi?id=34934
- https://www.openwall.com/lists/oss-security/2025/12/28/1
- https://ubuntu.com/security/notices/USN-7946-1
- https://www.openwall.com/lists/oss-security/2026/01/27/8
- https://www.openwall.com/lists/oss-security/2026/01/27/11
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:9 / gnupg2
Package
- Name
- gnupg2
- Purl
- pkg:rpm/mageia/gnupg2?arch=source&distro=mageia-9