Your submission was sent successfully! Close

CVE-2016-6313

Published: 17 August 2016

The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.

Notes

AuthorNote
mdeslaur
CVE number in announcement is wrong
Priority

High

CVSS 3 base score: 5.3

Status

Package Release Status
gnupg
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

disco Does not exist

precise
Released (1.4.11-3ubuntu2.10)
trusty
Released (1.4.16-1ubuntu2.4)
upstream
Released (1.4.21)
xenial
Released (1.4.20-1ubuntu3.1)
yakkety Does not exist

zesty Does not exist

Patches:
upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=e23eec8c9a602eee0a09851a54db0f5d611f125c
upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=c6dbfe89903d0c8191cf50ecf1abb3c8458b427a






gnupg2
Launchpad, Ubuntu, Debian
artful Not vulnerable
(uses system libgcrypt)
bionic Not vulnerable
(uses system libgcrypt)
cosmic Not vulnerable
(uses system libgcrypt)
disco Not vulnerable
(uses system libgcrypt)
precise Does not exist
(precise was not-affected [uses system libgcrypt])
trusty Does not exist
(trusty was not-affected [uses system libgcrypt])
upstream Needs triage

xenial Not vulnerable
(uses system libgcrypt)
yakkety Not vulnerable
(uses system libgcrypt)
zesty Not vulnerable
(uses system libgcrypt)
libgcrypt11
Launchpad, Ubuntu, Debian
artful Does not exist

bionic Does not exist

cosmic Does not exist

disco Does not exist

precise
Released (1.5.0-3ubuntu0.6)
trusty
Released (1.5.3-2ubuntu4.4)
upstream
Released (1.5.6)
xenial Does not exist

yakkety Does not exist

zesty Does not exist

Patches:


upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=98980e2fd29ad62903c78fa6521489fce651cdda
upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=6199cd963d1fba86e0b7b9e2de4b6c00b945193a




libgcrypt20
Launchpad, Ubuntu, Debian
artful
Released (1.7.2-2ubuntu1)
bionic
Released (1.7.2-2ubuntu1)
cosmic
Released (1.7.2-2ubuntu1)
disco
Released (1.7.2-2ubuntu1)
precise Does not exist

trusty Does not exist
(trusty was needed)
upstream
Released (1.6.6,1.7.3)
xenial
Released (1.6.5-2ubuntu0.2)
yakkety
Released (1.7.2-2ubuntu1)
zesty
Released (1.7.2-2ubuntu1)
Patches:




upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=2f62103b4bb6d6f9ce806e01afb7fdc58aa33513 (1.7)
upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=8dd45ad957b54b939c288a68720137386c7f6501 (1.7)
upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=190b0429b70eb4a3573377e95755d9cc13c38461 (1.6)
upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=c748f87436d693f092a4484571a3cc7f650b5c81 (1.6)