Red Hat Product Errata RHSA-2026:0719 - Security Advisory
Issued:
2026-01-15
Updated:
2026-01-15

RHSA-2026:0719 - Security Advisory

Synopsis

Important: gnupg2 security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for gnupg2 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards.

Security Fix(es):

  • GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write (CVE-2025-68973)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64

Fixes

  • BZ - 2425966 - CVE-2025-68973 GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write

Red Hat Enterprise Linux for x86_64 9

SRPM
gnupg2-2.3.3-5.el9_7.src.rpm SHA-256: 88d0f8bfaf376b52de7a56de608af034ceae7a42ca20e32166bc79199cf2234d
x86_64
gnupg2-2.3.3-5.el9_7.x86_64.rpm SHA-256: 03ff58d6f0fd39f3575c830610488d1efd9405ddf8410f78deffdd89f932ecb4
gnupg2-debuginfo-2.3.3-5.el9_7.x86_64.rpm SHA-256: 01aee69e0b881097a0325b3735f43e431e8047260868200b13b24ebf39e8b7c4
gnupg2-debuginfo-2.3.3-5.el9_7.x86_64.rpm SHA-256: 01aee69e0b881097a0325b3735f43e431e8047260868200b13b24ebf39e8b7c4
gnupg2-debugsource-2.3.3-5.el9_7.x86_64.rpm SHA-256: 0c9ecc0c56feca87cb56e9b51e53fb585b01cc00def71bd7f9c137e4ae87cee4
gnupg2-debugsource-2.3.3-5.el9_7.x86_64.rpm SHA-256: 0c9ecc0c56feca87cb56e9b51e53fb585b01cc00def71bd7f9c137e4ae87cee4
gnupg2-smime-2.3.3-5.el9_7.x86_64.rpm SHA-256: 05bf049a4b12c6f229d3d8ef07834d01d85ef5a7964443852c0b41ae005f7b17
gnupg2-smime-debuginfo-2.3.3-5.el9_7.x86_64.rpm SHA-256: 4925367c0f5a2b231bea3f7254da5316606359d8d40e845a6f48ff8435886d51
gnupg2-smime-debuginfo-2.3.3-5.el9_7.x86_64.rpm SHA-256: 4925367c0f5a2b231bea3f7254da5316606359d8d40e845a6f48ff8435886d51

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
gnupg2-2.3.3-5.el9_7.src.rpm SHA-256: 88d0f8bfaf376b52de7a56de608af034ceae7a42ca20e32166bc79199cf2234d
s390x
gnupg2-2.3.3-5.el9_7.s390x.rpm SHA-256: 4a2635adb8f4462f0ef9396ef3ccde9b700701d23f3cb4a8e6f23a4ea94e7a50
gnupg2-debuginfo-2.3.3-5.el9_7.s390x.rpm SHA-256: a7c0bcd0079185297fda626adc6bddf6d75cb00b643c85635e71ee712a8b96ce
gnupg2-debuginfo-2.3.3-5.el9_7.s390x.rpm SHA-256: a7c0bcd0079185297fda626adc6bddf6d75cb00b643c85635e71ee712a8b96ce
gnupg2-debugsource-2.3.3-5.el9_7.s390x.rpm SHA-256: 29d85b0957a70bcec485ecbabad4d45f718585eb35f865454d605ad3c8d182b8
gnupg2-debugsource-2.3.3-5.el9_7.s390x.rpm SHA-256: 29d85b0957a70bcec485ecbabad4d45f718585eb35f865454d605ad3c8d182b8
gnupg2-smime-2.3.3-5.el9_7.s390x.rpm SHA-256: cb19ca2bf36f1784fac580a2f23a412dac3f507a58478432d4127c70f91f9a25
gnupg2-smime-debuginfo-2.3.3-5.el9_7.s390x.rpm SHA-256: cdea5e74516232f66b502d04718b0767e68fab076318ac5b02b57e6b95480ba0
gnupg2-smime-debuginfo-2.3.3-5.el9_7.s390x.rpm SHA-256: cdea5e74516232f66b502d04718b0767e68fab076318ac5b02b57e6b95480ba0

Red Hat Enterprise Linux for Power, little endian 9

SRPM
gnupg2-2.3.3-5.el9_7.src.rpm SHA-256: 88d0f8bfaf376b52de7a56de608af034ceae7a42ca20e32166bc79199cf2234d
ppc64le
gnupg2-2.3.3-5.el9_7.ppc64le.rpm SHA-256: a9650c2049dd15e6fbd731cbe8b6fa8fa3684758a14f0538ffec8c2b22df0d9a
gnupg2-debuginfo-2.3.3-5.el9_7.ppc64le.rpm SHA-256: 3228cb130bba68297fc1d507d970078c77b325d79a39257c322ca24278269205
gnupg2-debuginfo-2.3.3-5.el9_7.ppc64le.rpm SHA-256: 3228cb130bba68297fc1d507d970078c77b325d79a39257c322ca24278269205
gnupg2-debugsource-2.3.3-5.el9_7.ppc64le.rpm SHA-256: 4fb3e37bf605e68e54193a3e02c55464bb6c2933e7f1b5acc960796974b265d4
gnupg2-debugsource-2.3.3-5.el9_7.ppc64le.rpm SHA-256: 4fb3e37bf605e68e54193a3e02c55464bb6c2933e7f1b5acc960796974b265d4
gnupg2-smime-2.3.3-5.el9_7.ppc64le.rpm SHA-256: f5d01cf606f68e0572a97a646c008a6e6dd117e1b54fe013b1e865aaeb4bf2ea
gnupg2-smime-debuginfo-2.3.3-5.el9_7.ppc64le.rpm SHA-256: e7cc3e8bbf1f0e1e06900e3b7a7932ffd9f9ca7cdd73b11f7fe93b38a3815ecf
gnupg2-smime-debuginfo-2.3.3-5.el9_7.ppc64le.rpm SHA-256: e7cc3e8bbf1f0e1e06900e3b7a7932ffd9f9ca7cdd73b11f7fe93b38a3815ecf

Red Hat Enterprise Linux for ARM 64 9

SRPM
gnupg2-2.3.3-5.el9_7.src.rpm SHA-256: 88d0f8bfaf376b52de7a56de608af034ceae7a42ca20e32166bc79199cf2234d
aarch64
gnupg2-2.3.3-5.el9_7.aarch64.rpm SHA-256: dd1113b6c4d5a8ccf4b265ac5e3b944c69dfecbc5798286dbf1464eae82ccffb
gnupg2-debuginfo-2.3.3-5.el9_7.aarch64.rpm SHA-256: ab2c3c28f699018f755e386c0b03abe0c55039e004c62ad2bd411988516401e3
gnupg2-debuginfo-2.3.3-5.el9_7.aarch64.rpm SHA-256: ab2c3c28f699018f755e386c0b03abe0c55039e004c62ad2bd411988516401e3
gnupg2-debugsource-2.3.3-5.el9_7.aarch64.rpm SHA-256: f65ff66dcdd06bbc6b1058b561aac2d3eec42623f7b494e9e2f0be4b78fa68ed
gnupg2-debugsource-2.3.3-5.el9_7.aarch64.rpm SHA-256: f65ff66dcdd06bbc6b1058b561aac2d3eec42623f7b494e9e2f0be4b78fa68ed
gnupg2-smime-2.3.3-5.el9_7.aarch64.rpm SHA-256: 49563e854406843765e6c16ba05e2fedef86fcde26b8dc96cfa1dadf445357e9
gnupg2-smime-debuginfo-2.3.3-5.el9_7.aarch64.rpm SHA-256: c7f5a0014239f38834de861ad4c02002bac1541bedc2c9ad200dde4eb25015d0
gnupg2-smime-debuginfo-2.3.3-5.el9_7.aarch64.rpm SHA-256: c7f5a0014239f38834de861ad4c02002bac1541bedc2c9ad200dde4eb25015d0

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.