CVE-2016-6313: Infoleak
First published: Tue Dec 13 2016(Updated: )
The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNU Libgcrypt | <=1.5.3 | |
| GNU Libgcrypt | =1.6.0 | |
| GNU Libgcrypt | =1.6.1 | |
| GNU Libgcrypt | =1.6.2 | |
| GNU Libgcrypt | =1.6.3 | |
| GNU Libgcrypt | =1.6.4 | |
| GNU Libgcrypt | =1.6.5 | |
| GNU Libgcrypt | =1.7.0 | |
| GNU Libgcrypt | =1.7.1 | |
| GNU Libgcrypt | =1.7.2 | |
| Debian Debian Linux | =8.0 | |
| Ubuntu Linux | =12.04 | |
| Ubuntu Linux | =14.04 | |
| Ubuntu Linux | =16.04 | |
| GnuPG GnuPG | <=1.4.14 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://rhn.redhat.com/errata/RHSA-2016-2674.html
- http://www.debian.org/security/2016/dsa-3649
- http://www.debian.org/security/2016/dsa-3650
- http://www.securityfocus.com/bid/92527
- http://www.securitytracker.com/id/1036635
- http://www.ubuntu.com/usn/USN-3064-1
- http://www.ubuntu.com/usn/USN-3065-1
- https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob_plain;f=NEWS
- https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
- https://security.gentoo.org/glsa/201610-04
- https://security.gentoo.org/glsa/201612-01
- https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=blob_plain%3Bf=NEWS
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gnupg
- canonical/gnu libgcrypt
- version/gnu libgcrypt/1.5.3
- version/gnu libgcrypt/1.6.0
- version/gnu libgcrypt/1.6.1
- version/gnu libgcrypt/1.6.2
- version/gnu libgcrypt/1.6.3
- version/gnu libgcrypt/1.6.4
- version/gnu libgcrypt/1.6.5
- version/gnu libgcrypt/1.7.0
- version/gnu libgcrypt/1.7.1
- version/gnu libgcrypt/1.7.2
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/12.04
- version/ubuntu linux/14.04
- version/ubuntu linux/16.04
- canonical/gnupg gnupg
- version/gnupg gnupg/1.4.14