“Serious” vulnerability found in Libgcrypt, GnuPG’s cryptographic library

2021-01-29 10:01

Libgcrypt 1.9.0, the newest version of a cryptographic library integrated in the GNU Privacy Guard free encryption software, has a "Severe" security vulnerability and should not be used, warned Werner Koch.

Libgcrypt is a general purpose cryptographic library used by GnuPG, but some other encryption software also employ it.

Koch, who is the principal developer behind GnuPG and the author of Libgcrypt, sent the urgent warning via the project's mailing list.

Libgcrypt 1.9.0 was released on January 19 and was meant to be integrated in the upcoming GnuPG 2.3 release.

In preparation of a GnuPG 2.3 release #Libgcrypt version 1.9.0 has been released today.

Koch did not explain the nature of the reported vulnerability, just warned users to stop using the cryptographic library and announced that a new version with a fix will be released later today.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/0WDGP7Xayvw/

#gnupg #vulnerability