A serious vulnerability has been found in Libgcrypt 1.9.0, the latest version of the cryptographic library used by the free encryption software GNU Privacy Guard (GnuPG). Libgcrypt is GnuPG’s general-purpose cryptographic library, but a number of other encryption programs also employ it.
Libgcrypt 1.9.0 was released last week, on 19th January 2021, and was supposed to be integrated into the latest GnuPG 2.3 release. However, Werner Koch, the author of Libgcrypt and the principal developer of GnuPG, sent an urgent warning to the project’s mailing list telling users to avoid Libgcrypt 1.9.0.
The warning read, “A severe bug was reported yesterday evening against Libgcrypt 1.9.0 which we released last week. A new version to fix this as well as a couple of build problems will be released today. In the meantime please stop using 1.9.0.”