Libgcrypt receives an urgent update for the GnuPG software

Libgcrypt 1.9.0 has a severe security flaw and is not safe to use, according to its author Werner Koch.

Libgcrypt is a general-purpose cryptographic library that is widely used by GNU Privacy Guard (GnuPG), a free encryption program, as well as by other cryptographic software.

Libgcrypt 1.9.0 was released to the public on 19th of January and was planned to be included in the next GnuPG 2.3 update.

Just a few days after the release, version 1.9.0 of the library was found to contain a serious vulnerability that puts users’ security at risk and can be triggered just by decrypting a block of data.

The announcement was published on Friday, 29th of January, by Werner Koch, the main developer of GnuPG and the author of Libgcrypt. According to the announcement, “a severe bug was reported against Libgcrypt 1.9.0”. All users were asked to stop using this version and to get the new patched version 1.9.1, as well as the patches for a few more build problems.

Koch also noted that the vulnerable version is used in Fedora 34 (scheduled for release in April 2021) and Gentoo Linux. The bug affects only version 1.9.0, and Libgcrypt’s developers have already removed that version from the download servers.

The flaw is a heap buffer overflow caused by an incorrect assumption in the block buffer management code. Koch noted that the vulnerability is very easy to exploit. It allows an intruder to write arbitrary code to the targeted computer. All 1.9.0 users should therefore update to version 1.9.1 immediately to prevent potential security issues. Developers who use Libgcrypt 1.9.0 in their applications should also move to the patched version as soon as possible.
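The following is an added example, not code from the article or from the Libgcrypt project: a check for whether a host resolves the affected library version. It calls libgcrypt's `gcry_check_version` with a NULL argument to read the version string. The helper names are hypothetical, and ignoring anything after the three-part version number (such as a packaging suffix) is an assumption.

```python
import ctypes
import ctypes.util
import re

AFFECTED = (1, 9, 0)   # per the announcement, only 1.9.0 is affected
FIXED = "1.9.1"

def parse_version(text):
    """Return (major, minor, micro) from '1.9.0' or '1.9.0-1.fc34' (suffix ignored)."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised libgcrypt version: {text!r}")
    return tuple(int(p) for p in m.groups())

def is_affected(text):
    # Exact match, not "older than 1.9.1": the 1.8.x series is not affected,
    # so a minimum-version test would wrongly flag it.
    return parse_version(text) == AFFECTED

def loaded_libgcrypt_version():
    """Ask the libgcrypt that the dynamic loader resolves for its version, or None."""
    name = ctypes.util.find_library("gcrypt")
    if name is None:
        return None
    try:
        lib = ctypes.CDLL(name)
    except OSError:
        return None
    lib.gcry_check_version.restype = ctypes.c_char_p
    lib.gcry_check_version.argtypes = [ctypes.c_char_p]
    raw = lib.gcry_check_version(None)  # NULL: report version, no minimum check
    return raw.decode("ascii") if raw else None

def audit(versions):
    """Map each reported version string to 'AFFECTED' or 'ok'."""
    return {v: ("AFFECTED" if is_affected(v) else "ok") for v in versions}

if __name__ == "__main__":
    found = loaded_libgcrypt_version()
    if found is None:
        print("libgcrypt not found by the dynamic loader")
    else:
        status = "AFFECTED, update to " + FIXED if is_affected(found) else "ok"
        print(f"libgcrypt {found}: {status}")
    # Constructed sample inventory, e.g. versions collected from several hosts.
    print(audit(["1.8.7", "1.9.0", "1.9.1"]))
```

This only sees the shared library the loader finds first; applications that bundle or statically link their own copy need to be checked separately.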


About the author

Lidia Howler

Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her striving for simplicity and well-researched information provides users with easy-to-follow IT-related tips and step-by-step tutorials.
