GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG enables encryption and signing of data and communication, and features a versatile key management system as well as access modules for public key directories.
Security Fix(es):
CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182.(CVE-2026-57062)
{
"severity": "Low"
}{
"aarch64": [
"gnupg2-2.4.3-16.oe2403sp3.aarch64.rpm",
"gnupg2-debuginfo-2.4.3-16.oe2403sp3.aarch64.rpm",
"gnupg2-debugsource-2.4.3-16.oe2403sp3.aarch64.rpm"
],
"noarch": [
"gnupg2-help-2.4.3-16.oe2403sp3.noarch.rpm"
],
"x86_64": [
"gnupg2-2.4.3-16.oe2403sp3.x86_64.rpm",
"gnupg2-debuginfo-2.4.3-16.oe2403sp3.x86_64.rpm",
"gnupg2-debugsource-2.4.3-16.oe2403sp3.x86_64.rpm"
],
"src": [
"gnupg2-2.4.3-16.oe2403sp3.src.rpm"
]
}