• A critical GnuPG security update

    From LWN.net@1337:1/100 to All on Tuesday, January 27, 2026 17:45:09
    A critical GnuPG security update

    Date:
    Tue, 27 Jan 2026 17:31:31 +0000

    Description:
    There is a new GnuPG update for a "critical security bug" in recent
    GnuPG releases. A crafted CMS (S/MIME) EnvelopedData message carrying an oversized
    wrapped session key can cause a stack buffer overflow in gpg-agent
    during the PKDECRYPT --kem=CMS handling. This can easily be used
    for a DoS but, worse, the memory corruption can very likely also be
    used to mount a remote code execution attack. The bug was
    introduced while changing an internal API to the FIPS required KEM
    API. Only versions 2.5.13 through 2.5.16 are affected.

    ======================================================================
    Link to news story:
    https://lwn.net/Articles/1056209/


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)
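
A host check for the affected range stated in the message above (2.5.13 through 2.5.16), as an added example that is not part of the original post or of GnuPG. The function names are hypothetical and the sample version banners are constructed.

```shell
#!/bin/sh
# Added example, not GnuPG project code. Function names are hypothetical.
# Affected range is the one stated above: 2.5.13 through 2.5.16.

# Pull "X.Y.Z" out of a version banner such as "gpg-agent (GnuPG) 2.5.14".
extract_version() {
    printf '%s\n' "$1" |
        sed -n '1s/.*(GnuPG) \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Exit status: 0 = affected, 1 = not affected, 2 = not a plain X.Y.Z version.
is_affected() {
    case "$1" in
        ''|*[!0-9.]*) return 2 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 3 ] || return 2
    for part in "$@"; do
        [ -n "$part" ] || return 2
    done
    # Numeric comparison, so 2.5.9 is correctly below 2.5.13.
    if [ "$1" -eq 2 ] && [ "$2" -eq 5 ] && [ "$3" -ge 13 ] && [ "$3" -le 16 ]; then
        return 0
    fi
    return 1
}

# Print a verdict for one banner and return is_affected's status.
report() {
    ver=$(extract_version "$1")
    rc=0; is_affected "$ver" || rc=$?
    case $rc in
        0) echo "$ver: AFFECTED, update gpg-agent" ;;
        1) echo "$ver: outside the affected range" ;;
        *) echo "could not parse a version from: $1" ;;
    esac
    return "$rc"
}

# Constructed sample banners; on a real host use: report "$(gpg-agent --version)"
for banner in 'gpg-agent (GnuPG) 2.5.9' 'gpg-agent (GnuPG) 2.5.14' \
              'gpg-agent (GnuPG) 2.5.17'; do
    report "$banner" || :
done
```

gpg-agent is a long-running daemon, so after upgrading, restart it (for example with `gpgconf --kill gpg-agent`) so the old binary is no longer running.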