Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 591526

Summary: <dev-libs/libgcrypt-{1.5.6,1.6.6,1.7.3}, <app-crypt/gnupg-1.4.21: Random number generator bug (CVE-2016-6313)
Product: Gentoo Security Reporter: Hanno Böck <hanno>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
Whiteboard:
Package list:
Runtime testing required: ---

Description Hanno Böck gentoo-dev 2016-08-17 17:04:14 UTC
This sounds really bad:
"Felix Dörre and Vladimir Klebanov from the Karlsruhe Institute of Technology found a bug in the mixing functions of Libgcrypt's random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output.  This bug exists since 1998 in all GnuPG and Libgcrypt versions."

Please bump as soon as possible.
Comment 1 Kristian Fiskerstrand gentoo-dev Security 2016-08-17 17:22:40 UTC

*** This bug has been marked as a duplicate of bug 591534 ***