![]() ![]() In theory, this vulnerability could lead to what’s known as RCE, short for Remote code Execution, because the bug can be triggered simply by sending libgcrypt a block of booby-trapped data to decrypt. gpg features complete key management and all bells and whistles you can expect from a decent OpenPGP implementation. It is a tool to provide digital encryption and signing services using the OpenPGP standard. Gpg is the OpenPGP-only version of the GNU Privacy Guard (GnuPG). GnuPG is included and used for digital security in many Linux distributions: The libgcrypt library is an open-source toolkit that anyone can use, but it’s probably best known as the encryption library used by the GNU Privacy Guard team’s own widely deployed GnuPG software (that’s the package you are using when you run the command gpg or gpg2). Bug hunter Tavis Ormandy of Google’s Project Zero just discovered a dangerous bug in the GNU Privacy Guard team’s libgcrypt encryption software.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |