Issued:: 2026-01-15
Updated:: 2026-01-15

RHSA-2026:0728 - Security Advisory

Overview
Updated Packages

Synopsis

Important: gnupg2 security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for gnupg2 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards.

Security Fix(es):

GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write (CVE-2025-68973)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

BZ - 2425966 - CVE-2025-68973 GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write

CVEs

CVE-2025-68973

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 8

SRPM
gnupg2-2.2.20-4.el8_10.src.rpm	SHA-256: 345f6671c0d245332dafe59654200e5634483206c511811bcd7206a083abd22e
x86_64
gnupg2-2.2.20-4.el8_10.x86_64.rpm	SHA-256: 1ea1a4df8ba2ce333ce658f597f48d6b485faa2dcb2531eb8aa1c10fcc9b8522
gnupg2-debuginfo-2.2.20-4.el8_10.x86_64.rpm	SHA-256: 71c0fdfe1b0ef6431cf1ac789dcfc95b23e2d877bd41f078924e29b35bd91073
gnupg2-debugsource-2.2.20-4.el8_10.x86_64.rpm	SHA-256: 3b768e338f1f3b3840f82297bb52100eef082ab6175ef0ec4f8e72ee74474f3d
gnupg2-smime-2.2.20-4.el8_10.x86_64.rpm	SHA-256: 3b10fa997bd41bd9d8a1bff6a47a8f38662f8315912453f9f74dfa767b694873
gnupg2-smime-debuginfo-2.2.20-4.el8_10.x86_64.rpm	SHA-256: 15ab6b73105b8252d8598a1b990d3a294001b23964ab04235171e52b1af86f4f

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
gnupg2-2.2.20-4.el8_10.src.rpm	SHA-256: 345f6671c0d245332dafe59654200e5634483206c511811bcd7206a083abd22e
s390x
gnupg2-2.2.20-4.el8_10.s390x.rpm	SHA-256: 9707a51f0849fb3e0a722f423533fc61e5f2adb58398bcf6b077567b4c0ffa65
gnupg2-debuginfo-2.2.20-4.el8_10.s390x.rpm	SHA-256: b3f7669d0a34d1f5fa476c549615160db048d6685b7b3aa08cadfcfd962787b6
gnupg2-debugsource-2.2.20-4.el8_10.s390x.rpm	SHA-256: f047614882ca3e9706eac0c1138d1332be0e4e038ccbbe53879544c6f8af08f2
gnupg2-smime-2.2.20-4.el8_10.s390x.rpm	SHA-256: ce7d47eaaa3e7bd5ea851a1b6a21f84d3b143bfb0dc0053bc8b6a094c6bda8ab
gnupg2-smime-debuginfo-2.2.20-4.el8_10.s390x.rpm	SHA-256: 6f03bd90fc218ebcb62cdd23b877833ebb3642367cf6e28f0e984053104bbb19

Red Hat Enterprise Linux for Power, little endian 8

SRPM
gnupg2-2.2.20-4.el8_10.src.rpm	SHA-256: 345f6671c0d245332dafe59654200e5634483206c511811bcd7206a083abd22e
ppc64le
gnupg2-2.2.20-4.el8_10.ppc64le.rpm	SHA-256: 03306342c7b0b7aaacabaf2d8a14efee5fa7682647646a049ffa1bbf403ee1db
gnupg2-debuginfo-2.2.20-4.el8_10.ppc64le.rpm	SHA-256: d1e35747a00e2693d4dc1433fe67c2041898b6cc12e2e64e0d1970f5469bd0e2
gnupg2-debugsource-2.2.20-4.el8_10.ppc64le.rpm	SHA-256: 43ad3fdecff507b6e7b5d6cac31adeba02b1c3a56bd99a231110642c87baaaa1
gnupg2-smime-2.2.20-4.el8_10.ppc64le.rpm	SHA-256: 293038ef11cd9b4ef1967845b854308c147201f4d52b23e7f065d2ed92e433b7
gnupg2-smime-debuginfo-2.2.20-4.el8_10.ppc64le.rpm	SHA-256: b5b88145699ed224c099ae5f752486691654652a7960be9e0c1d4d8de6233d43

Red Hat Enterprise Linux for ARM 64 8

SRPM
gnupg2-2.2.20-4.el8_10.src.rpm	SHA-256: 345f6671c0d245332dafe59654200e5634483206c511811bcd7206a083abd22e
aarch64
gnupg2-2.2.20-4.el8_10.aarch64.rpm	SHA-256: 8f23d1c99631ac9545c029438c22841b41e4a35bed3cf0056854b44d6dea949b
gnupg2-debuginfo-2.2.20-4.el8_10.aarch64.rpm	SHA-256: 7f0d018f7fdfd39a2274f71a600e1baffdbb5cbf87dd4f7f80845d1954c396a1
gnupg2-debugsource-2.2.20-4.el8_10.aarch64.rpm	SHA-256: d4d5cf72c4ccdf34525daf251c38d406005ba3c03b3a77bc1e42641277d9fad6
gnupg2-smime-2.2.20-4.el8_10.aarch64.rpm	SHA-256: dc369a0b36b36d12d38fa03537357298a464f83cf5c5760912acfdff1f6eee48
gnupg2-smime-debuginfo-2.2.20-4.el8_10.aarch64.rpm	SHA-256: a2e26b0cbc6368dc6d311b46e94c77b1a3986340d935f27c303c692d0e28dd49

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation