Post Syndicated from original https://lwn.net/Articles/911467/

Version 2.3.8 of the GNU Privacy Guard is out. It contains a few new
features but the real purpose is to fix CVE-2022-3515,
an integer overflow vulnerability that can be exploited remotely for code
execution via a, for example, malicious S/MIME attachment. Note that the
actual vulnerability is in the libksba library, which is
normally packaged separately on Linux systems.