PGP / GnuPG Chosen Ciphertext Message Disclosure Vulnerability

PGP / GnuPG Chosen Ciphertext Message Disclosure Vulnerability

Solution:
This attack may be mitigated by ensuring that OpenPGP compression is used on all messages. Ensure that compression is enabled on client software, and avoid transmitting compressed files such as .ZIP archives which may not be compressed a second time.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.