[CLSA-2026:1776159098] Fix CVE(s): CVE-2025-30258
Type: security
Severity: Moderate
Release date: 2026-04-14 09:31:43 UTC
Description:
* SECURITY UPDATE: signature verification DoS via malicious subkey
  - debian/patches/CVE-2025-30258.patch: require signing usage when looking up public key for signature verification, filtering out subkeys without valid backsig. Include upstream regression fixes to preserve verification of signatures from expired/revoked keys. Widen pubkey_usage and req_usage fields from byte to u16 to prevent PUBKEY_USAGE_VERIFY (16384) from being truncated on GnuPG 2.2.x. Add primary-key-only lookup during import to prevent malicious subkey attack at import time. Fix double-free in check_signature_over_key_or_uid when signer is caller-owned.
  - CVE-2025-30258
Updated packages:
  • dirmngr_2.2.12-1+deb10u2+tuxcare.els2_amd64.deb
    sha:9f7193778db5aea55707c09aeb4c45ada0291514
  • gnupg_2.2.12-1+deb10u2+tuxcare.els2_all.deb
    sha:199cde1d738f0f72527836865b2c3ec01ef1098e
  • gnupg-agent_2.2.12-1+deb10u2+tuxcare.els2_all.deb
    sha:5d2c1e812bfbb228f149b6e4fb6e015d391f320c
  • gnupg-l10n_2.2.12-1+deb10u2+tuxcare.els2_all.deb
    sha:6d2444c4a6da540317e070c268b18a10fdbff00a
  • gnupg-utils_2.2.12-1+deb10u2+tuxcare.els2_amd64.deb
    sha:d966e6e453f49d407900bb48758c64f0ff89b84c
  • gnupg2_2.2.12-1+deb10u2+tuxcare.els2_all.deb
    sha:b48eca80f9fd6995d77568f631d64481c660a685
  • gpg_2.2.12-1+deb10u2+tuxcare.els2_amd64.deb
    sha:0b14ddbcc0d4ca970e5f3056f829f58e97fdee50
  • gpg-agent_2.2.12-1+deb10u2+tuxcare.els2_amd64.deb
    sha:b6a5576de42822d15f885afcb05c831392d09903
  • gpg-wks-client_2.2.12-1+deb10u2+tuxcare.els2_amd64.deb
    sha:485341eb249c8fe33fa5eed69a719a9f3f823ac4
  • gpg-wks-server_2.2.12-1+deb10u2+tuxcare.els2_amd64.deb
    sha:03c50b85002c0f22284e97a68884e9ab6e87e27d
  • gpgconf_2.2.12-1+deb10u2+tuxcare.els2_amd64.deb
    sha:c53d1c771077f6689253f039fb78604659a75d4c
  • gpgsm_2.2.12-1+deb10u2+tuxcare.els2_amd64.deb
    sha:1359d1dcecc93faee4ae5660d5ef2a2b5807591a
  • gpgv_2.2.12-1+deb10u2+tuxcare.els2_amd64.deb
    sha:816ff192f1af1f5a039ed16b6bd9ba770f153f05
  • gpgv-static_2.2.12-1+deb10u2+tuxcare.els2_amd64.deb
    sha:2d8fa840178d76bd3028b33bf0b34c386b3b5f00
  • gpgv-win32_2.2.12-1+deb10u2+tuxcare.els2_all.deb
    sha:8f6f33895dda0655c8551b02a92efc9d19d5b074
  • gpgv2_2.2.12-1+deb10u2+tuxcare.els2_all.deb
    sha:6bce4709acd3ec991ab57a98491f198bf29215c1
  • scdaemon_2.2.12-1+deb10u2+tuxcare.els2_amd64.deb
    sha:04b54c4dbe52e856d6a2037a753e3e975f8a2a98
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.