James Posted January 30, 2021 Report Share Posted January 30, 2021 Libgcrypt is a general-purpose crypto module developed for GNU Privacy Guard (GnuPG or GPG), a free software implementation of the OpenPGP standard. The Libgcrypt update to v1.9.0 was released on 19th January 2021. It included faster implementations for Poly1305 and ChaCha, and improved use of AES-NI to speed up AES-XTS (6 times faster). https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000453.html Unfortunately Google Project Zero researcher Tavis Ormandy reported a severe flaw in this update. The identified bug is a heap buffer overflow and it's considered rather serious because it's easily exploitable. Previous versions are not affected. Upgrading to v1.9.1 is recommended. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.