http://thehackernews.com/2017/07/gnupg- ... ption.html
I think RedHat as released a fix, and I know some other distros have. Centos 7 is running 1.5.3-13, and the latest, patched version is 1.7.8.
What is the best way to mitigate this? Or is there a time frame for CentOS to release an update?
libgcrypt vulnerability CVE-2017-7526
Re: libgcrypt vulnerability CVE-2017-7526
https://access.redhat.com/security/cve/CVE-2017-7526 says "Will not fix". Apparently Red Hat decided that this vulnerability is not serious enough.