Your submission was sent successfully! Close

CVE-2016-6313

Published: 17 August 2016

The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.

Priority

High

CVSS 3 base score: 5.3

Status

Package Release Status
gnupg
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

disco Does not exist

precise
Released (1.4.11-3ubuntu2.10)
trusty
Released (1.4.16-1ubuntu2.4)
upstream
Released (1.4.21)
xenial
Released (1.4.20-1ubuntu3.1)
yakkety Does not exist

zesty Does not exist

gnupg2
Launchpad, Ubuntu, Debian
artful Not vulnerable
(uses system libgcrypt)
bionic Not vulnerable
(uses system libgcrypt)
cosmic Not vulnerable
(uses system libgcrypt)
disco Not vulnerable
(uses system libgcrypt)
precise Does not exist
(precise was not-affected [uses system libgcrypt])
trusty Does not exist
(trusty was not-affected [uses system libgcrypt])
upstream Needs triage

xenial Not vulnerable
(uses system libgcrypt)
yakkety Not vulnerable
(uses system libgcrypt)
zesty Not vulnerable
(uses system libgcrypt)
libgcrypt11
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

disco Does not exist

precise
Released (1.5.0-3ubuntu0.6)
trusty
Released (1.5.3-2ubuntu4.4)
upstream
Released (1.5.6)
xenial Does not exist

yakkety Does not exist

zesty Does not exist

libgcrypt20
Launchpad, Ubuntu, Debian
artful
Released (1.7.2-2ubuntu1)
bionic
Released (1.7.2-2ubuntu1)
cosmic
Released (1.7.2-2ubuntu1)
disco
Released (1.7.2-2ubuntu1)
precise Does not exist

trusty Does not exist
(trusty was needed)
upstream
Released (1.6.6,1.7.3)
xenial
Released (1.6.5-2ubuntu0.2)
yakkety
Released (1.7.2-2ubuntu1)
zesty
Released (1.7.2-2ubuntu1)