GnuPG 2.2.23 released, fixing a critical security flaw

by jake, from LWN.net (#57QA7)
GNU Privacy Guard (GnuPG or GPG) has released version 2.2.23 to fix a critical security bug affecting GnuPG 2.2.21 and 2.2.22, as well as Gpg4win 3.1.12.

"Importing an OpenPGP key having a preference list for AEAD algorithms will lead to an array overflow and thus often to a crash or other undefined behaviour.

Importing an arbitrary key can often easily be triggered by an attacker and thus triggering this bug. Exploiting the bug aside from crashes is not trivial but likely possible for a dedicated attacker. The major hurdle for an attacker is that only every second byte is under their control with every first byte having a fixed value of 0x04.

Software distribution verification should not be affected by this bug because such a system uses a curated list of keys."
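The announcement says the overflow is triggered by a key carrying an AEAD preference list, and that the attacker controls only every second byte written, with 0x04 in between. The C program below is an added illustration of that bug shape, not GnuPG's code and not taken from the announcement. It assumes (this example's assumption, consistent with the quoted text but not stated by it) that the merged preference array was sized from the symmetric, hash and compression lists only, while the merge also copied the AEAD list, so every entry written past the end is a two-byte (type tag, algorithm id) pair whose tag is fixed at 4. All names (pref_entry_t, slots_buggy, slots_fixed, merge_prefs, and so on) are hypothetical, and the key's preference bytes are constructed. Instead of writing out of bounds, the merge diverts the entries that would not fit into a side buffer so they can be inspected; the corrected sizing is shown alongside.

```c
#include <stdio.h>
#include <stdlib.h>

/* Preference-type tags for the merged list. Illustrative names, not
   GnuPG's identifiers; the numeric tag 4 for AEAD is what produces the
   fixed 0x04 first byte the announcement mentions. */
enum pref_type { PREF_SYM = 1, PREF_HASH = 2, PREF_ZIP = 3, PREF_AEAD = 4 };

/* One merged entry: a type tag followed by an algorithm id, two bytes. */
typedef struct { unsigned char type; unsigned char value; } pref_entry_t;

/* The preference lists carried by a key's self-signature. Lengths and
   contents come from the key itself, i.e. from whoever crafted it. */
typedef struct {
    const unsigned char *sym, *hash, *zip, *aead;
    size_t nsym, nhash, nzip, naead;
} selfsig_prefs_t;

/* Buggy sizing: three lists are counted, but merge_prefs() copies four. */
size_t slots_buggy(const selfsig_prefs_t *p)
{
    return p->nsym + p->nhash + p->nzip;
}

/* Corrected sizing: every list that merge_prefs() copies is counted. */
size_t slots_fixed(const selfsig_prefs_t *p)
{
    return p->nsym + p->nhash + p->nzip + p->naead;
}

/* Merge the four lists into `out`, which the caller sized for `cap`
   entries. Entries that would land beyond `cap` are copied into `spilled`
   instead of being written out of bounds, so the damage can be inspected.
   Returns how many entries did not fit; 0 means `cap` was large enough. */
size_t merge_prefs(const selfsig_prefs_t *p, pref_entry_t *out, size_t cap,
                   pref_entry_t *spilled, size_t spill_cap)
{
    struct { unsigned char type; const unsigned char *list; size_t n; } src[4] = {
        { PREF_SYM,  p->sym,  p->nsym  },
        { PREF_HASH, p->hash, p->nhash },
        { PREF_ZIP,  p->zip,  p->nzip  },
        { PREF_AEAD, p->aead, p->naead },  /* the list the buggy sizing forgot */
    };
    size_t idx = 0, nspill = 0;

    for (size_t s = 0; s < 4; s++)
        for (size_t i = 0; i < src[s].n; i++, idx++) {
            pref_entry_t item = { src[s].type, src[s].list[i] };
            if (idx < cap)
                out[idx] = item;                 /* in bounds */
            else if (nspill < spill_cap)
                spilled[nspill++] = item;        /* would have overflowed */
            else
                nspill++;
        }
    return nspill;
}

/* Constructed key: ordinary sym/hash/zip lists (RFC 4880 algorithm ids)
   plus an AEAD list whose four value bytes the attacker chooses freely. */
static const unsigned char k_sym[]  = { 9, 8, 7 };
static const unsigned char k_hash[] = { 8, 10 };
static const unsigned char k_zip[]  = { 2, 1 };
static const unsigned char k_aead[] = { 0x41, 0x42, 0x43, 0x44 };
static const selfsig_prefs_t k_prefs = { k_sym, k_hash, k_zip, k_aead, 3, 2, 2, 4 };

/* Size the buffer the buggy (1) or fixed (0) way, merge the constructed
   key, and return how many entries would have landed out of bounds. */
static size_t run_demo(int buggy, pref_entry_t *spilled, size_t spill_cap)
{
    size_t cap = buggy ? slots_buggy(&k_prefs) : slots_fixed(&k_prefs);
    pref_entry_t *buf = calloc(cap, sizeof *buf);
    size_t n = merge_prefs(&k_prefs, buf, cap, spilled, spill_cap);
    free(buf);
    return n;
}

size_t demo_spill_count(int buggy)
{
    pref_entry_t spilled[16];
    return run_demo(buggy, spilled, 16);
}

/* 1 if every out-of-bounds entry carries type tag 0x04: the attacker
   controls only every second byte, as the announcement says. */
int demo_spill_all_type4(void)
{
    pref_entry_t spilled[16];
    size_t n = run_demo(1, spilled, 16);
    for (size_t i = 0; i < n; i++)
        if (spilled[i].type != PREF_AEAD) return 0;
    return 1;
}

int main(void)
{
    pref_entry_t spilled[16];
    size_t n = run_demo(1, spilled, 16);
    printf("%zu entries spill past the buggy allocation:", n);
    for (size_t i = 0; i < n; i++)
        printf(" %02x %02x", spilled[i].type, spilled[i].value);
    printf("\n");
    return 0;
}
```

With the buggy sizing the constructed key spills exactly its four AEAD entries, each a `04 xx` pair; with the corrected sizing nothing spills. The fixed tag is why the announcement calls exploitation beyond a crash non-trivial: whatever lies past the allocation receives alternating 0x04 and attacker bytes, not a free-form payload.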
Source: LWN.net (https://lwn.net/), via the RSS feed http://lwn.net/headlines/rss