Some of Our Sources
- Web Designer Wall
- Pearsonified
- Abduzeedo
- You The Designer
- Inspiredology
- FanExtra - PSD
- Reencoded
- 24 Ways
- Stylized Web
- Spyre Studios
Help Webnuz
Referal links:
January 31, 2021 09:34 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/95dlutrfwuU/a-severe-bug-was-found-in-libgcrypt-gnupgs-cryptographic-library
A 'Severe' Bug Was Found In Libgcrypt, GnuPG's Cryptographic Library
Early Friday the principal author of GNU Privacy Guard (the free encryption software) warned that version 1.9.0 of its cryptographic library Libgcrypt, released January 19, had a "severe" security vulnerability and should not be used. A new version 1.9.1, which fixes the flaw, is available for download, Help Net Security reports:He also noted that Fedora 34 (scheduled to be released in April 2021) and Gentoo Linux are already using the vulnerable version... [I]t's a heap buffer overflow due to an incorrect assumption in the block buffer management code. Just decrypting some data can overflow a heap buffer with attacker controlled data, no verification or signature is validated before the vulnerability occurs. It was discovered and flagged by Google Project Zero researcher Tavis Ormandy and affects only Libgcrypt v1.9.0. "Exploiting this bug is simple and thus immediate action for 1.9.0 users is required..." Koch posted on the GnuPG mailing list. "The 1.9.0 tarballs on our FTP server have been renamed so that scripts won't be able to get this version anymore."Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/95dlutrfwuU/a-severe-bug-was-found-in-libgcrypt-gnupgs-cryptographic-library
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot