Article 5DG70 Critical security problem in Libgcrypt 1.9.0

by jake from LWN.net on (#5DG70)
The GNU Privacy Guard (GnuPG or GPG) project has announced a critical security bug in Libgcrypt version 1.9.0, released January 19. "Libgcrypt is a general purpose library of cryptographic building blocks. It is originally based on code used by GnuPG. It does not provide any implementation of OpenPGP or other protocols. Thorough understanding of applied cryptography is required to use Libgcrypt." Version 1.9.1 has been released to address the problem and all users of 1.9.0 should update immediately. The bug is a heap buffer overflow, but no version of GnuPG uses the 1.9 series yet. "Exploiting this bug is simple and thus immediate action for 1.9.0 users is required. A CVE-id has not yet been assigned. We track this bug at https://dev.gnupg.org/T5275. The 1.9.0 tarballs on our FTP server have been renamed so that scripts won't be able to get this version anymore."