-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-e630ec5c0a 2026-01-06 00:52:00.404988+00:00 --------------------------------------------------------------------------------
Name : gnupg2 Product : Fedora 42 Version : 2.4.9 Release : 1.fc42 URL : https://www.gnupg.org/ Summary : Utility for secure communication and data storage Description : GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as described by several RFCs. GnuPG 2.0 is a newer version of GnuPG with additional support for S/MIME. It has a different design philosophy that splits functionality up into several modules. The S/MIME and smartcard functionality is provided by the gnupg2-smime package. -------------------------------------------------------------------------------- Update Information: New upstream release 2.4.9 fixing several vulnerabilities -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 1 2026 Clemens Lang <[email protected]> - 2.4.9-1 - New upstream release 2.4.9 - Fixes CVE-2025-68973 (https://gpg.fail/memcpy) - Fixes https://gpg.fail/sha1 - Fixes https://gpg.fail/detached * Fri May 16 2025 Jakub Jelen <[email protected]> - 2.4.8-1 - New upstream release 2.4.8 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2425718 - CVE-2025-68973 gnupg2: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2425718 [ 2 ] Bug #2425765 - CVE-2025-68972 gnupg2: GnuPG: Signature bypass via form feed character in signed messages [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2425765 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-e630ec5c0a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
