Security update for gpg2 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2026:20029-1 Final 1 1 2026-01-14T10:23:16Z current 2026-01-14T10:23:16Z 2026-01-14T10:23:16Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for gpg2 This update for gpg2 fixes the following issues: - CVE-2025-68973: out-of-bounds write when processing specially crafted input in the armor parser can lead to memory corruption (bsc#1255715). Other security fixes: - gpg: Avoid potential downgrade to SHA1 in 3rd party key signatures (bsc#1256246). - gpg: Error out on unverified output for non-detached signatures (bsc#1256244). - gpg: Deprecate the option --not-dash-escaped (bsc#1256390). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Leap-16.0-138 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1255715 SUSE Bug 1255715 https://bugzilla.suse.com/1256244 SUSE Bug 1256244 https://bugzilla.suse.com/1256246 SUSE Bug 1256246 https://bugzilla.suse.com/1256390 SUSE Bug 1256390 https://www.suse.com/security/cve/CVE-2025-68973/ SUSE CVE CVE-2025-68973 page openSUSE Leap 16.0 dirmngr-2.5.5-160000.3.1 gpg2-2.5.5-160000.3.1 gpg2-lang-2.5.5-160000.3.1 gpg2-tpm-2.5.5-160000.3.1 dirmngr-2.5.5-160000.3.1 as a component of openSUSE Leap 16.0 gpg2-2.5.5-160000.3.1 as a component of openSUSE Leap 16.0 gpg2-lang-2.5.5-160000.3.1 as a component of openSUSE Leap 16.0 gpg2-tpm-2.5.5-160000.3.1 as a component of openSUSE Leap 16.0 In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.) CVE-2025-68973 openSUSE Leap 16.0:dirmngr-2.5.5-160000.3.1 openSUSE Leap 16.0:gpg2-2.5.5-160000.3.1 openSUSE Leap 16.0:gpg2-lang-2.5.5-160000.3.1 openSUSE Leap 16.0:gpg2-tpm-2.5.5-160000.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-68973.html CVE-2025-68973 https://bugzilla.suse.com/1255715 SUSE Bug 1255715