Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bugzilla DB migration completed. Please report issues to Infra team via email via infra@gentoo.org or IRC
Bug 591526 - <dev-libs/libgcrypt-{1.5.6,1.6.6,1.7.3}, <app-crypt/gnupg-1.4.21: Random number generator bug (CVE-2016-6313)
Summary: <dev-libs/libgcrypt-{1.5.6,1.6.6,1.7.3}, <app-crypt/gnupg-1.4.21: Random numb...
Status: RESOLVED DUPLICATE of bug 591534
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://lists.gnupg.org/pipermail/gnu...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-08-17 17:04 UTC by Hanno Böck
Modified: 2016-08-17 17:22 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2016-08-17 17:04:14 UTC
This sounds really bad:
"Felix Dörre and Vladimir Klebanov from the Karlsruhe Institute of Technology found a bug in the mixing functions of Libgcrypt's random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output.  This bug exists since 1998 in all GnuPG and Libgcrypt versions."

Please bump as soon as possible.
Comment 1 Kristian Fiskerstrand gentoo-dev Security 2016-08-17 17:22:40 UTC

*** This bug has been marked as a duplicate of bug 591534 ***