Summary
GnuPG released version 2.5.17 to address three security vulnerabilities, including a critical stack-based buffer overflow in gpg-agent that allows remote code execution via crafted S/MIME messages.
Take Action:
Update GnuPG and Gpg4win immediately to version 2.5.17 or 5.0.1. There are multiple flaws that should not be ignored. If you cannot patch, remove the gpgsm binary to block the primary remote attack vector.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)