Advisories » MGASA-2026-0212

Updated libgcrypt packages fix security vulnerability

Publication date: 15 Jun 2026
Modification date: 15 Jun 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-41989

Description

Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow
and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.
(CVE-2026-41989)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=35427
• https://www.openwall.com/lists/oss-security/2026/04/21/1
• https://lists.debian.org/debian-security-announce/2026/msg00205.html
• https://ubuntu.com/security/notices/USN-8319-1
• https://www.cve.org/CVERecord?id=CVE-2026-41989

SRPMS

9/core

• libgcrypt-1.10.2-2.1.mga9