Red Hat Product Errata RHSA-2026:0974 - Security Advisory
Issued:
2026-01-22
Updated:
2026-01-22

RHSA-2026:0974 - Security Advisory

Synopsis

Important: gnupg2 security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for gnupg2 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards.

Security Fix(es):

  • GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write (CVE-2025-68973)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64

Fixes

  • BZ - 2425966 - CVE-2025-68973 GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.6

SRPM
gnupg2-2.2.20-3.el8_6.1.src.rpm SHA-256: e843398754741161bbe0876373e3e0fc409276dbbeda90a2550800bec6900fbe
x86_64
gnupg2-2.2.20-3.el8_6.1.x86_64.rpm SHA-256: aa93cbbbea4e0910cb252b362f3de9e0d61eef122597eba84684c244127bb3bf
gnupg2-debuginfo-2.2.20-3.el8_6.1.x86_64.rpm SHA-256: 5fc746e76d50122df00f5ce6c73424cd0192471ff4cb0e982af4a08b10fcf4d3
gnupg2-debugsource-2.2.20-3.el8_6.1.x86_64.rpm SHA-256: 1d167caf2ce030e3aa69e607a923c88f6734c6ccf2293dd36334ae4c5d9e7eaa
gnupg2-smime-2.2.20-3.el8_6.1.x86_64.rpm SHA-256: 491856426ac323bb28ec7347c7d0b61d2099a9fa99ac15a36ac842a678f86d41
gnupg2-smime-debuginfo-2.2.20-3.el8_6.1.x86_64.rpm SHA-256: 58c104798800941f5f8b8d711fba65bc6a8cb85063ecedfa3dbe0f198c42f77d

Red Hat Enterprise Linux Server - AUS 8.6

SRPM
gnupg2-2.2.20-3.el8_6.1.src.rpm SHA-256: e843398754741161bbe0876373e3e0fc409276dbbeda90a2550800bec6900fbe
x86_64
gnupg2-2.2.20-3.el8_6.1.x86_64.rpm SHA-256: aa93cbbbea4e0910cb252b362f3de9e0d61eef122597eba84684c244127bb3bf
gnupg2-debuginfo-2.2.20-3.el8_6.1.x86_64.rpm SHA-256: 5fc746e76d50122df00f5ce6c73424cd0192471ff4cb0e982af4a08b10fcf4d3
gnupg2-debugsource-2.2.20-3.el8_6.1.x86_64.rpm SHA-256: 1d167caf2ce030e3aa69e607a923c88f6734c6ccf2293dd36334ae4c5d9e7eaa
gnupg2-smime-2.2.20-3.el8_6.1.x86_64.rpm SHA-256: 491856426ac323bb28ec7347c7d0b61d2099a9fa99ac15a36ac842a678f86d41
gnupg2-smime-debuginfo-2.2.20-3.el8_6.1.x86_64.rpm SHA-256: 58c104798800941f5f8b8d711fba65bc6a8cb85063ecedfa3dbe0f198c42f77d

Red Hat Enterprise Linux Server - TUS 8.6

SRPM
gnupg2-2.2.20-3.el8_6.1.src.rpm SHA-256: e843398754741161bbe0876373e3e0fc409276dbbeda90a2550800bec6900fbe
x86_64
gnupg2-2.2.20-3.el8_6.1.x86_64.rpm SHA-256: aa93cbbbea4e0910cb252b362f3de9e0d61eef122597eba84684c244127bb3bf
gnupg2-debuginfo-2.2.20-3.el8_6.1.x86_64.rpm SHA-256: 5fc746e76d50122df00f5ce6c73424cd0192471ff4cb0e982af4a08b10fcf4d3
gnupg2-debugsource-2.2.20-3.el8_6.1.x86_64.rpm SHA-256: 1d167caf2ce030e3aa69e607a923c88f6734c6ccf2293dd36334ae4c5d9e7eaa
gnupg2-smime-2.2.20-3.el8_6.1.x86_64.rpm SHA-256: 491856426ac323bb28ec7347c7d0b61d2099a9fa99ac15a36ac842a678f86d41
gnupg2-smime-debuginfo-2.2.20-3.el8_6.1.x86_64.rpm SHA-256: 58c104798800941f5f8b8d711fba65bc6a8cb85063ecedfa3dbe0f198c42f77d

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6

SRPM
gnupg2-2.2.20-3.el8_6.1.src.rpm SHA-256: e843398754741161bbe0876373e3e0fc409276dbbeda90a2550800bec6900fbe
ppc64le
gnupg2-2.2.20-3.el8_6.1.ppc64le.rpm SHA-256: 56fa2e847c4f21e6076f3a8300d0b9a2ebd874b94bf2e297c0a474a609c2333a
gnupg2-debuginfo-2.2.20-3.el8_6.1.ppc64le.rpm SHA-256: aa1deeec7236f26b89a6cd838f5f12e822f59979b4aaac27ef4be3f1d4e1318c
gnupg2-debugsource-2.2.20-3.el8_6.1.ppc64le.rpm SHA-256: bf78d8474b84ecaaf406279b6fdde9b3b076fbbb04bbdd425aa7cd1ec5aac661
gnupg2-smime-2.2.20-3.el8_6.1.ppc64le.rpm SHA-256: c40792b0cc9ea201f7e82b8d30bce0df93d24f64858ef4c4223fb03628c95df7
gnupg2-smime-debuginfo-2.2.20-3.el8_6.1.ppc64le.rpm SHA-256: 48d25b03aecbfcab19f47a5fda16f5e7cb125e4e35afa4355b85b859286f5262

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6

SRPM
gnupg2-2.2.20-3.el8_6.1.src.rpm SHA-256: e843398754741161bbe0876373e3e0fc409276dbbeda90a2550800bec6900fbe
x86_64
gnupg2-2.2.20-3.el8_6.1.x86_64.rpm SHA-256: aa93cbbbea4e0910cb252b362f3de9e0d61eef122597eba84684c244127bb3bf
gnupg2-debuginfo-2.2.20-3.el8_6.1.x86_64.rpm SHA-256: 5fc746e76d50122df00f5ce6c73424cd0192471ff4cb0e982af4a08b10fcf4d3
gnupg2-debugsource-2.2.20-3.el8_6.1.x86_64.rpm SHA-256: 1d167caf2ce030e3aa69e607a923c88f6734c6ccf2293dd36334ae4c5d9e7eaa
gnupg2-smime-2.2.20-3.el8_6.1.x86_64.rpm SHA-256: 491856426ac323bb28ec7347c7d0b61d2099a9fa99ac15a36ac842a678f86d41
gnupg2-smime-debuginfo-2.2.20-3.el8_6.1.x86_64.rpm SHA-256: 58c104798800941f5f8b8d711fba65bc6a8cb85063ecedfa3dbe0f198c42f77d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.