{ "schema_version": "1.7.0", "id": "MGASA-2026-0197", "published": "2026-06-11T16:55:52Z", "modified": "2026-06-11T16:07:41Z", "summary": "Updated gnupg2 packages fix security vulnerabilities", "details": "CVE-2025-68973, armor_filter in g10/armor.c has two increments of an\nindex variable where one is intended, leading to an out-of-bounds write\nfor crafted input.\nCVE-2026-24882, a stack-based buffer overflow exists in tpm2daemon\nduring handling of the PKDECRYPT command for TPM-backed RSA and ECC\nkeys.\nCVE-2026-24883, a long signature packet length causes parse_signature to\nreturn success with sig->data[] set to a NULL value, leading to a denial\nof service (application crash).\nUpstream has still not fixed CVE-2025-68972. We will be tracking the solution\nand providing an update to fix it when possible. \n", "upstream": [ "CVE-2025-68973", "CVE-2026-24882", "CVE-2026-24883" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2026-0197.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=34934" }, { "type": "WEB", "url": "https://www.openwall.com/lists/oss-security/2025/12/28/1" }, { "type": "ADVISORY", "url": "https://ubuntu.com/security/notices/USN-7946-1" }, { "type": "WEB", "url": "https://www.openwall.com/lists/oss-security/2026/01/27/8" }, { "type": "WEB", "url": "https://www.openwall.com/lists/oss-security/2026/01/27/11" } ], "affected": [ { "package": { "ecosystem": "Mageia:9", "name": "gnupg2", "purl": "pkg:rpm/mageia/gnupg2?arch=source&distro=mageia-9" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "2.3.8-1.5.mga9" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }