“Serious” vulnerability found in Libgcrypt, GnuPG’s cryptographic library

Libgcrypt 1.9.0, the newest version of a cryptographic library integrated in the GNU Privacy Guard (GnuPG) free encryption software, has a “severe” security vulnerability and should not be used, warned Werner Koch.

Libgcrypt is a general-purpose cryptographic library used by GnuPG, but other encryption software also uses it.

Koch, who is the principal developer behind GnuPG and the author of Libgcrypt, sent the urgent warning via the project’s mailing list.

Libgcrypt 1.9.0 was released on January 19 and was meant to be integrated in the upcoming GnuPG 2.3 release.

Koch did not explain the nature of the reported vulnerability. He only warned users to stop using the cryptographic library and announced that a new version with a fix (as well as fixes for a couple of build problems) will be released later today.

He also noted that Fedora 34 (scheduled to be released in April 2021) and Gentoo Linux are already using the vulnerable version.


from Help Net Security https://ift.tt/2Yp8aXl
