#685 ✓released

update Libgcrypt to 1.6.6

Reported by steve | August 18th, 2016 @ 01:36 PM | in 2.0.30_2016.10 (closed)

on 2016-08-17 werner announced on gpg announce list:


All Libgcrypt and GnuPG versions released before 2016-08-17 are affected
on all platforms.

A first analysis on the impact of this bug in GnuPG shows that existing
RSA keys are not weakened. For DSA and Elgamal keys it is also unlikely
that the private key can be predicted from other public information.
This needs more research and I would suggest not to overhasty revoke


If you are using a vendor supplied version of GnuPG or Libgcrypt:

  • Wait for an update from your vendor.

If you are using a GnuPG-2 version (2.0.x or 2.1.x):

  • Update Libgcrypt. We have released these fixed versions of Libgcrypt: 1.7.3, 1.6.6, and 1.5.6. See below for download

If you are using GnuPG-1 version (1.4.x):

  • Update as soon as possible to GnuPG 1.4.21. See below for download information.

Comments and changes to this ticket

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

Shared Ticket Bins

People watching this ticket