Security News

GnuPG crypto library can be pwned during decryption – patch now!
2021-01-31 02:12

Bug hunter Tavis Ormandy of Google's Project Zero just discovered a dangerous bug in the GNU Privacy Guard team's libgcrypt encryption software. The libgcrypt library is an open-source toolkit that anyone can use, but it's probably best known as the encryption library used by the GNU Privacy Guard team's own widely deployed GnuPG software.

“Serious” vulnerability found in Libgcrypt, GnuPG’s cryptographic library
2021-01-29 10:01

Libgcrypt 1.9.0, the newest version of a cryptographic library integrated in the GNU Privacy Guard free encryption software, has a "Severe" security vulnerability and should not be used, warned Werner Koch. Libgcrypt is a general purpose cryptographic library used by GnuPG, but some other encryption software also employ it.

Pass gets a fail: Simple Password Store suffers GnuPG spoofing bug
2018-06-19 07:30

Brinkmann files third signature spoof vulnerability in a month Security researcher Marcus Brinkmann has turned up another vulnerability in the GnuPG cryptographic library, this time specific to...

Vulnerability in GnuPG allowed digital signature spoofing for decades
2018-06-15 16:31

A vulnerability affecting GnuPG has made some of the widely used email encryption software vulnerable to digital signature spoofing for many years. The list of affected programs includes Enigmail...

GnuPG Flaw in Encryption Tools Lets Attackers Spoof Anyone's Signature
2018-06-15 10:03

A security researcher has discovered a critical vulnerability in some of the world's most popular and widely used email encryption clients that use OpenPGP standard and rely on GnuPG for...

GnuPG Vulnerability Allows Spoofing of Message Signatures
2018-06-14 18:30

GnuPG recently addressed an input sanitization vulnerability where a remote attacker could spoof arbitrary signatures. read more

GnuPG patched to thwart 'fake filename'
2018-06-12 04:58

Missing input sanitisation fixed after hacker spat If you're a developer relying on GnuPG, check upstream for an update that plugs an input sanitisation bug.…

Researchers Crack 1024-bit RSA Encryption in GnuPG Crypto Library (The Hackers News)
2017-07-04 00:32

Security boffins have discovered a critical vulnerability in a GnuPG cryptographic library that allowed the researchers to completely break RSA-1024 and successfully extract the secret RSA key to...

GnuPG developers start new fundraising effort (Help Net Security)
2017-06-07 22:37

Werner Koch and his team of GnuPG developers are asking for funding for the continued development of the popular free email and data encryption software. What is GnuPG, and why you should care...