Recommended update for gpg2 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:02259-1 Final 1 1 2025-07-09T15:18:03Z current 2025-07-09T15:18:03Z 2025-07-09T15:18:03Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Recommended update for gpg2 This update for gpg2 fixes the following issues: - CVE-2025-30258: Fixed DoS due to a malicious subkey in the keyring (bsc#1239119). Other bugfixes: - Do not install expired sks certificate (bsc#1243069). - gpg hangs when importing a key (bsc#1236931). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container bci/spack:0.23-2025-2259,Container containers/pytorch:2-nvidia-2025-2259,Container suse/cosign:latest-2025-2259,Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest-2025-2259,Container suse/sle15:15.6-2025-2259,Container suse/sle15:latest-2025-2259,Image SLES15-SP6-BYOS-2025-2259,Image SLES15-SP6-BYOS-Azure-2025-2259,Image SLES15-SP6-HPC-BYOS-2025-2259,Image SLES15-SP6-HPC-BYOS-Azure-2025-2259,Image SLES15-SP6-HPC-BYOS-EC2-2025-2259,Image SLES15-SP6-HPC-EC2-2025-2259,Image SLES15-SP6-Hardened-BYOS-2025-2259,Image SLES15-SP6-Hardened-BYOS-Azure-2025-2259,Image SLES15-SP6-SAP-2025-2259,Image SLES15-SP6-SAP-Azure-2025-2259,Image SLES15-SP6-SAP-Azure-3P-2025-2259,Image SLES15-SP6-SAP-BYOS-2025-2259,Image SLES15-SP6-SAP-BYOS-Azure-2025-2259,Image SLES15-SP6-SAP-Hardened-2025-2259,Image SLES15-SP6-SAP-Hardened-Azure-2025-2259,Image SLES15-SP6-SAP-Hardened-BYOS-2025-2259,Image SLES15-SP6-SAP-Hardened-BYOS-Azure-2025-2259,Image SLES15-SP6-SAPCAL-2025-2259,Image SLES15-SP6-SAPCAL-Azure-2025-2259,SUSE-2025-2259,SUSE-SLE-Module-Basesystem-15-SP6-2025-2259,SUSE-SLE-Module-Basesystem-15-SP7-2025-2259,openSUSE-SLE-15.6-2025-2259 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202502259-1/ Link for SUSE-SU-2025:02259-1 https://lists.suse.com/pipermail/sle-updates/2025-July/040647.html E-Mail link for SUSE-SU-2025:02259-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1236931 SUSE Bug 1236931 https://bugzilla.suse.com/1239119 SUSE Bug 1239119 https://bugzilla.suse.com/1239817 SUSE Bug 1239817 https://www.suse.com/security/cve/CVE-2025-30258/ SUSE CVE CVE-2025-30258 page Container bci/spack:0.23 Container containers/pytorch:2-nvidia Container suse/cosign:latest Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container suse/sle15:15.6 Container suse/sle15:latest Image SLES15-SP6-BYOS Image SLES15-SP6-BYOS-Azure Image SLES15-SP6-HPC-BYOS Image SLES15-SP6-HPC-BYOS-Azure Image SLES15-SP6-HPC-BYOS-EC2 Image SLES15-SP6-HPC-EC2 Image SLES15-SP6-Hardened-BYOS Image SLES15-SP6-Hardened-BYOS-Azure Image SLES15-SP6-SAP Image SLES15-SP6-SAP-Azure Image SLES15-SP6-SAP-Azure-3P Image SLES15-SP6-SAP-BYOS Image SLES15-SP6-SAP-BYOS-Azure Image SLES15-SP6-SAP-Hardened Image SLES15-SP6-SAP-Hardened-Azure Image SLES15-SP6-SAP-Hardened-BYOS Image SLES15-SP6-SAP-Hardened-BYOS-Azure Image SLES15-SP6-SAPCAL Image SLES15-SP6-SAPCAL-Azure SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Module for Basesystem 15 SP7 openSUSE Leap 15.6 gpg2-2.4.4-150600.3.9.1 dirmngr-2.4.4-150600.3.9.1 gpg2-lang-2.4.4-150600.3.9.1 gpg2-tpm-2.4.4-150600.3.9.1 gpg2-2.4.4-150600.3.9.1 as a component of Container bci/spack:0.23 gpg2-2.4.4-150600.3.9.1 as a component of Container containers/pytorch:2-nvidia gpg2-2.4.4-150600.3.9.1 as a component of Container suse/cosign:latest gpg2-2.4.4-150600.3.9.1 as a component of Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest gpg2-2.4.4-150600.3.9.1 as a component of Container suse/sle15:15.6 gpg2-2.4.4-150600.3.9.1 as a component of Container suse/sle15:latest gpg2-2.4.4-150600.3.9.1 as a component of Image SLES15-SP6-BYOS gpg2-2.4.4-150600.3.9.1 as a component of Image SLES15-SP6-BYOS-Azure gpg2-2.4.4-150600.3.9.1 as a component of Image SLES15-SP6-HPC-BYOS gpg2-2.4.4-150600.3.9.1 as a component of Image SLES15-SP6-HPC-BYOS-Azure gpg2-2.4.4-150600.3.9.1 as a component of Image SLES15-SP6-HPC-BYOS-EC2 gpg2-2.4.4-150600.3.9.1 as a component of Image SLES15-SP6-HPC-EC2 gpg2-2.4.4-150600.3.9.1 as a component of Image SLES15-SP6-Hardened-BYOS gpg2-2.4.4-150600.3.9.1 as a component of Image SLES15-SP6-Hardened-BYOS-Azure gpg2-2.4.4-150600.3.9.1 as a component of Image SLES15-SP6-SAP gpg2-2.4.4-150600.3.9.1 as a component of Image SLES15-SP6-SAP-Azure gpg2-2.4.4-150600.3.9.1 as a component of Image SLES15-SP6-SAP-Azure-3P gpg2-2.4.4-150600.3.9.1 as a component of Image SLES15-SP6-SAP-BYOS gpg2-2.4.4-150600.3.9.1 as a component of Image SLES15-SP6-SAP-BYOS-Azure gpg2-2.4.4-150600.3.9.1 as a component of Image SLES15-SP6-SAP-Hardened gpg2-2.4.4-150600.3.9.1 as a component of Image SLES15-SP6-SAP-Hardened-Azure gpg2-2.4.4-150600.3.9.1 as a component of Image SLES15-SP6-SAP-Hardened-BYOS gpg2-2.4.4-150600.3.9.1 as a component of Image SLES15-SP6-SAP-Hardened-BYOS-Azure gpg2-2.4.4-150600.3.9.1 as a component of Image SLES15-SP6-SAPCAL gpg2-2.4.4-150600.3.9.1 as a component of Image SLES15-SP6-SAPCAL-Azure dirmngr-2.4.4-150600.3.9.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 gpg2-2.4.4-150600.3.9.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 gpg2-lang-2.4.4-150600.3.9.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 dirmngr-2.4.4-150600.3.9.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 gpg2-2.4.4-150600.3.9.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 gpg2-lang-2.4.4-150600.3.9.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 dirmngr-2.4.4-150600.3.9.1 as a component of openSUSE Leap 15.6 gpg2-2.4.4-150600.3.9.1 as a component of openSUSE Leap 15.6 gpg2-lang-2.4.4-150600.3.9.1 as a component of openSUSE Leap 15.6 gpg2-tpm-2.4.4-150600.3.9.1 as a component of openSUSE Leap 15.6 In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS." CVE-2025-30258 Container bci/spack:0.23:gpg2-2.4.4-150600.3.9.1 Container containers/pytorch:2-nvidia:gpg2-2.4.4-150600.3.9.1 Container suse/cosign:latest:gpg2-2.4.4-150600.3.9.1 Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest:gpg2-2.4.4-150600.3.9.1 Container suse/sle15:15.6:gpg2-2.4.4-150600.3.9.1 Container suse/sle15:latest:gpg2-2.4.4-150600.3.9.1 Image SLES15-SP6-BYOS-Azure:gpg2-2.4.4-150600.3.9.1 Image SLES15-SP6-BYOS:gpg2-2.4.4-150600.3.9.1 Image SLES15-SP6-HPC-BYOS-Azure:gpg2-2.4.4-150600.3.9.1 Image SLES15-SP6-HPC-BYOS-EC2:gpg2-2.4.4-150600.3.9.1 Image SLES15-SP6-HPC-BYOS:gpg2-2.4.4-150600.3.9.1 Image SLES15-SP6-HPC-EC2:gpg2-2.4.4-150600.3.9.1 Image SLES15-SP6-Hardened-BYOS-Azure:gpg2-2.4.4-150600.3.9.1 Image SLES15-SP6-Hardened-BYOS:gpg2-2.4.4-150600.3.9.1 Image SLES15-SP6-SAP-Azure-3P:gpg2-2.4.4-150600.3.9.1 Image SLES15-SP6-SAP-Azure:gpg2-2.4.4-150600.3.9.1 Image SLES15-SP6-SAP-BYOS-Azure:gpg2-2.4.4-150600.3.9.1 Image SLES15-SP6-SAP-BYOS:gpg2-2.4.4-150600.3.9.1 Image SLES15-SP6-SAP-Hardened-Azure:gpg2-2.4.4-150600.3.9.1 Image SLES15-SP6-SAP-Hardened-BYOS-Azure:gpg2-2.4.4-150600.3.9.1 Image SLES15-SP6-SAP-Hardened-BYOS:gpg2-2.4.4-150600.3.9.1 Image SLES15-SP6-SAP-Hardened:gpg2-2.4.4-150600.3.9.1 Image SLES15-SP6-SAP:gpg2-2.4.4-150600.3.9.1 Image SLES15-SP6-SAPCAL-Azure:gpg2-2.4.4-150600.3.9.1 Image SLES15-SP6-SAPCAL:gpg2-2.4.4-150600.3.9.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:dirmngr-2.4.4-150600.3.9.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:gpg2-2.4.4-150600.3.9.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:gpg2-lang-2.4.4-150600.3.9.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:dirmngr-2.4.4-150600.3.9.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:gpg2-2.4.4-150600.3.9.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:gpg2-lang-2.4.4-150600.3.9.1 openSUSE Leap 15.6:dirmngr-2.4.4-150600.3.9.1 openSUSE Leap 15.6:gpg2-2.4.4-150600.3.9.1 openSUSE Leap 15.6:gpg2-lang-2.4.4-150600.3.9.1 openSUSE Leap 15.6:gpg2-tpm-2.4.4-150600.3.9.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502259-1/ https://www.suse.com/security/cve/CVE-2025-30258.html CVE-2025-30258 https://bugzilla.suse.com/1239817 SUSE Bug 1239817