|
|
Log in / Subscribe / Register

Ubuntu alert USN-7946-2 (gnupg)



From:
              noreply+usn-bot@canonical.com


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-7946-2] GnuPG vulnerability


Date:
              Thu, 08 Jan 2026 20:37:40 +0000


Message-ID:
              <E1vdwlI-0001v0-8g@lists.ubuntu.com>


==========================================================================
Ubuntu Security Notice USN-7946-2
January 08, 2026

gnupg vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

GnuPG could be made to crash or run programs if it received
specially crafted network traffic.

Software Description:
- gnupg: GNU privacy guard - a free PGP replacement

Details:

USN-7946-1 fixed vulnerabilities in GnuPG 2.x.
This update provides the corresponding updates for GnuPG 1.x.

Original advisory details:
  It was discovered that GnuPG incorrectly handled crafted input.
  A remote attacker could possibly use this issue to crash the program,
  or execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
  gnupg                           1.4.20-1ubuntu3.3+esm3
                                  Available with Ubuntu Pro
  gpgv                            1.4.20-1ubuntu3.3+esm3
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  gnupg                           1.4.16-1ubuntu2.6+esm2
                                  Available with Ubuntu Pro
  gpgv                            1.4.16-1ubuntu2.6+esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7946-2
  https://ubuntu.com/security/notices/USN-7946-1
  CVE-2025-68973




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmlgEd4ACgkQcpJm3tlz
hgE78hAAyl1qlxhkq4Y7ZGGemXFZ7pLziZ2sgKbNt5Bd8U6Yx7WM/9jyXQDLXu95
vXEtc9ZMp4aqzeqvMqqpB+gxCHE3UCNcnfr66tZiYhSHecQu7xjtarIHU8uDGFtE
gswE7gd99AtmAtwr1rbJ8szJAAqem2NFZsgfnkmttR8M7151b1/xzcM7QbFsG6iG
QOMg/z0EhefQvYtbvPxeo1VpKlmyLrdgY3RVfWbEQVVYbUM9AfAoV6wweogBtKnk
GG/J8lpoBlpBqYti+paxo4ZwCJNXaSbcqPKU8TgrAi78WQoKY/VvnHe8n4NyYYE7
YcxQQBK0uq+QVt+7cVx7MWI2sHL1xDMvHZeHo8C14OzHiXePP0JYIj2qNgA025y6
Sh9wOJ81sUkBSFXmGJJXlW8e1rWIt6pOoYBGu3DfMmKJaFJk/zuzRFxiH9I/KHuu
JVuxojM08Pt5305yNw2rIrKIY40caTeIoe4TyiTNrem8e2VZY0UTpP2iEWCUGRpE
PCS2AbpQybdPZLF62IJrhEPez1+K9e9kCuJnIOudaNiTrdwYciq5o5gBastPhOle
NdUaujUmYSSkGwieDT1gVPCNzpapuUHowms/O7RNxTICt35Hdd9ylzUBVaq76+r5
pouTHgjTm0wmSihgyeMBUnG9CbFu94UijbiBU8lauTh4uu3Yh+s=
=mOtw
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds