Critical security problem in Libgcrypt 1.9.0

Post Syndicated from original https://lwn.net/Articles/844531/rss

The GNU Privacy Guard (GnuPG or GPG) project has announced a critical security bug in Libgcrypt version 1.9.0, released January 19. “Libgcrypt is a general purpose library of cryptographic building blocks. It is originally based on code used by GnuPG. It does not provide any implementation of OpenPGP or other protocols. Thorough understanding of applied cryptography is required to use Libgcrypt.” Version 1.9.1 has been released to address the problem and all users of 1.9.0 should update immediately. It is a heap buffer overflow, but no version of GnuPG uses the 1.9 series yet. “Exploiting this bug is simple and thus immediate action for 1.9.0 users is required. A CVE-id has not yet been assigned. We track this bug at https://dev.gnupg.org/T5275. The 1.9.0 tarballs on our FTP server have been renamed so that scripts won't be able to get this version anymore.”
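As an added example (not part of the LWN item or the GnuPG announcement), a POSIX shell check that flags a Libgcrypt installation reporting exactly version 1.9.0, the only release affected; it assumes the `libgcrypt-config` tool that ships with Libgcrypt is on PATH.

```shell
#!/bin/sh
# Added example, not code from GnuPG or LWN.
# Only the 1.9.0 release carries this bug: 1.8.x is unaffected and 1.9.1 fixes it.
# Returns 0 (affected) for "1.9.0", 1 for any other version string.
libgcrypt_affected() {
    case "$1" in
        1.9.0) return 0 ;;
        *)     return 1 ;;
    esac
}

# Queries the installed library via libgcrypt-config (assumed to be on PATH)
# and reports whether an update to 1.9.1 is needed.
# Caveat: a distribution package that backports the fix may still report
# 1.9.0, so treat a hit as a prompt to check the package changelog, not proof.
# Exit status: 0 = affected, 1 = not affected, 2 = could not determine.
check_installed_libgcrypt() {
    if ! command -v libgcrypt-config >/dev/null 2>&1; then
        echo "libgcrypt-config not found; cannot determine installed version" >&2
        return 2
    fi
    ver=$(libgcrypt-config --version)
    if libgcrypt_affected "$ver"; then
        echo "Libgcrypt $ver is affected by the 1.9.0 heap overflow: update to 1.9.1"
        return 0
    fi
    echo "Libgcrypt $ver is not the affected 1.9.0 release"
    return 1
}
```

Run `check_installed_libgcrypt` on each host; the exit status makes it usable from a fleet-wide inventory script.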