gnupg2-2.2.20-4.el8_10

エラータID: AXSA:2026-045:02

Release date: 
Tuesday, January 20, 2026 - 16:48
Subject: 
gnupg2-2.2.20-4.el8_10
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards.

Security Fix(es):

* GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write (CVE-2025-68973)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-68973
In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)

Solution: 

Update packages.

CVEs: 
CVE-2025-68973
In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)
Additional Info: 

N/A

Download: 

SRPMS
  1. gnupg2-2.2.20-4.el8_10.src.rpm
    MD5: ed7c31a5f2833cbf8b6fe7c7e679017d
    SHA-256: 02c089fce5f5cd15075d3c2b472a060aaeabb4be9026692e0ed198cc0ec43158
    Size: 6.52 MB

Asianux Server 8 for x86_64
  1. gnupg2-2.2.20-4.el8_10.x86_64.rpm
    MD5: 9a5a7ab035f50a147070fe9185fe24d5
    SHA-256: f7f3fc900c7199cbbc0397b2bef783e890e2c243856013b900646f5465b6a921
    Size: 2.40 MB
  2. gnupg2-smime-2.2.20-4.el8_10.x86_64.rpm
    MD5: e0cd14b1bc50927238edcbcc5224a865
    SHA-256: 2a19ce992b4bca4750a7628394d9116c9961cf2f2e938b57109b9e9251695892
    Size: 282.09 kB