|
|
Subscribe / Log in / New account

Mageia alert MGASA-2016-0292 (gnupg/libgcrypt)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2016-0292: Updated gnupg/libgcrypt packages fix security vulnerability 


Date:
    	      Wed, 31 Aug 2016 17:33:19 +0200


Message-ID:
    	      <20160831153319.441459F77B@duvel.mageia.org>


MGASA-2016-0292 - Updated gnupg/libgcrypt packages fix security vulnerability

Publication date: 31 Aug 2016
URL: http://advisories.mageia.org/MGASA-2016-0292.html
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-6313

Description:
Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of
Technology discovered a flaw in the mixing functions of GnuPG's random
number generator. An attacker who obtains 4640 bits from the RNG can
trivially predict the next 160 bits of output (CVE-2016-6313).

The gnupg package has been patched to correct these issues.

GnuPG2 is vulnerable to these issues through the libgcrypt library.  The
libgcrypt package has also been patched to correct this issue.

References:
- https://bugs.mageia.org/show_bug.cgi?id=19206
- https://www.debian.org/security/2016/dsa-3649
- https://www.debian.org/security/2016/dsa-3650
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6313

SRPMS:
- 5/core/gnupg-1.4.19-1.2.mga5
- 5/core/libgcrypt-1.5.4-5.3.mga5
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds