========================================================================== Ubuntu Security Notice USN-7412-3 December 09, 2025
gnupg2 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
GnuPG could be made to corrupt a keyring.
Software Description:
- gnupg2: GNU privacy guard - a free PGP replacement
Details:
USN-7412-1 fixed a vulnerability in GnuPG. This update provides the
corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
It was discovered that GnuPG incorrectly handled importing keys with
certain crafted subkey data. If a user or automated system were tricked
into importing a specially crafted key, a remote attacker may prevent
users from importing other keys in the future.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS
gnupg 2.2.4-1ubuntu1.6+esm1
Available with Ubuntu Pro
gnupg2 2.2.4-1ubuntu1.6+esm1
Available with Ubuntu Pro
gpg 2.2.4-1ubuntu1.6+esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
gnupg2 2.1.11-6ubuntu2.1+esm2
Available with Ubuntu Pro
gpgv2 2.1.11-6ubuntu2.1+esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7412-3
https://ubuntu.com/security/notices/USN-7412-2
https://ubuntu.com/security/notices/USN-7412-1
CVE-2025-30258
signature.asc
Description: OpenPGP digital signature
