Synopsis:
gnupg2 security updateSummary:
An update for gnupg2 is now available for openEuler-24.03-LTS-SP1Description:
GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG enables encryption and signing of data and communication, and features a versatile key management system as well as access modules for public key directories.
Security Fix(es):
CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182.(CVE-2026-57062)Topic:
An update for gnupg2 is now available for openEuler-24.03-LTS-SP1.
openEuler Security has rated this update as having a security impact of low. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.Severity:
LowAffected Component:
gnupg2
2.4.3-16.oe2403sp12.4.3-16.oe2403sp12.4.3-16.oe2403sp12.4.3-16.oe2403sp1Exploitability
AV:LAC:HPR:NUI:NScope
S:UImpact
C:NI:LA:N2.9/CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N