[SECURITY] [DLA 4437-1] gnupg2 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4437-1] gnupg2 security update
From: Roberto C. Sánchez <roberto@debian.org>
Date: Wed, 14 Jan 2026 11:49:27 -0500
Message-id: <[🔎] aWfJF3vzECsKky89@localhost>
Mail-followup-to: Roberto C. Sánchez <roberto@debian.org>, debian-lts-announce@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4437-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                  Roberto C. Sánchez
January 14, 2026                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : gnupg2
Version        : 2.2.27-2+deb11u3
CVE ID         : CVE-2025-68973
Debian Bug     : 1124221

Several issues have been discovered in gnupg2, a tool for secure
communication and data storage.

CVE-2025-68973

    There exist memory corruptions in the armor parsing code of GnuPG
    that can be exploited to provide primitives like out of bounds
    buffer read and write. This might be exploitable to the point of
    remote code execution (RCE).

Additional issues:

    + Potential key signature digest algorithm downgrade.

      GnuPG may downgrade the message digest algorithm to insecure SHA1
      algorithm during signature checking due to reading from
      uninitialized memory. This reduces the security of User ID
      Certification Signatures to that of SHA1. SHA1 suffers from known
      cryptographic weaknesses like chosen prefix attacks.

    + Multiple plaintext attack on detached PGP signatures.

      An attacker can arbitrarily swap the plaintext shown to a GnuPG
      user, when the user verifies a detached signature versus views it
      with `--decrypt`. This attack allows deceiving users verifying
      messages, following GnuPG usage best practices about the content
      of a message signed with a detached signature. Note, that it is
      possible in many scenarios to convert between signature types,
      i.e., convert a different signature type to a detached signature.

    + GnuPG Accepts Path Separators and Path Traversals in Literal Data.

      GnuPG accepts arbitrary file paths in the unsigned Literal Data
      packet filename field and uses that value without sufficient
      sanitization. In combination with tricking a user with ANSI
      formatted output that changes GnuPG output with deceptive apparent
      GnuPG logs, this can lead to creation or overwrite of any file on
      the system the user can write to, including executable files which
      the user may later execute.

For Debian 11 bullseye, these problems have been fixed in version
2.2.27-2+deb11u3.

We recommend that you upgrade your gnupg2 packages.

For the detailed security status of gnupg2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gnupg2

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Attachment: signature.asc
Description: PGP signature

Reply to:

Prev by Date: [SECURITY] [DLA 4436-1] linux-6.1 security update
Next by Date: [SECURITY] [DLA 4438-1] mongo-c-driver security update
Previous by thread: [SECURITY] [DLA 4436-1] linux-6.1 security update
Next by thread: [SECURITY] [DLA 4438-1] mongo-c-driver security update
Index(es):
- Date
- Thread