Security issue in GPG signed messages

Looks like there is a bug in GPG that would allow someone to inject misc. data into a cyptographically signed or encrypted message without invalidating the signature of the message. Basically, it means that checking the signature status of a GPG email will not guarantee that the message is what the original sender sent.

Seems to effect all versions prior to 1.4.2.2, there are updates available.

More information here.

About D-Caf

I'm a computer geek, what more is there to say?
This entry was posted in Security, Software. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *