591526 – <dev-libs/libgcrypt-{1.5.6,1.6.6,1.7.3}, <app-crypt/gnupg-1.4.21: Random number generator bug (CVE-2016-6313)

Bug 591526 - <dev-libs/libgcrypt-{1.5.6,1.6.6,1.7.3}, <app-crypt/gnupg-1.4.21: Random number generator bug (CVE-2016-6313)

Summary: <dev-libs/libgcrypt-{1.5.6,1.6.6,1.7.3}, <app-crypt/gnupg-1.4.21: Random numb...

Status:	RESOLVED DUPLICATE of bug 591534

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://lists.gnupg.org/pipermail/gnu...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2016-08-17 17:04 UTC by Hanno Böck
Modified:	2016-08-17 17:22 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Hanno Böck gentoo-dev

2016-08-17 17:04:14 UTC

This sounds really bad:
"Felix Dörre and Vladimir Klebanov from the Karlsruhe Institute of Technology found a bug in the mixing functions of Libgcrypt's random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output.  This bug exists since 1998 in all GnuPG and Libgcrypt versions."

Please bump as soon as possible.

Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev

2016-08-17 17:22:40 UTC


*** This bug has been marked as a duplicate of bug 591534 ***