Issued at: 2026-01-17
Updated at: 2026-01-21
Synopsis
Important: gnupg2 security update
Description
The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards.
Security Fix(es):
* GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write (CVE-2025-68973)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected products
Rocky Linux 8 aarch64
Rocky Linux 8 x86_64
Fixes
2425966
CVEs
CVE-2025-68973
Affected packages
Rocky Linux 8 aarch64 - BaseOS
gnupg2-0:2.2.20-4.el8_10.aarch64.rpm
gnupg2-0:2.2.20-4.el8_10.src.rpm
gnupg2-debuginfo-0:2.2.20-4.el8_10.aarch64.rpm
gnupg2-debugsource-0:2.2.20-4.el8_10.aarch64.rpm
gnupg2-smime-0:2.2.20-4.el8_10.aarch64.rpm
gnupg2-smime-debuginfo-0:2.2.20-4.el8_10.aarch64.rpm
Rocky Linux 8 x86_64 - BaseOS
gnupg2-0:2.2.20-4.el8_10.src.rpm
gnupg2-0:2.2.20-4.el8_10.x86_64.rpm
gnupg2-debuginfo-0:2.2.20-4.el8_10.x86_64.rpm
gnupg2-debugsource-0:2.2.20-4.el8_10.x86_64.rpm
gnupg2-smime-0:2.2.20-4.el8_10.x86_64.rpm
gnupg2-smime-debuginfo-0:2.2.20-4.el8_10.x86_64.rpm