Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 591536 - <app-crypt/gnupg-1.4.21: Critical security vulnerability in RNG (CVE-2016-6313)
Summary: <app-crypt/gnupg-1.4.21: Critical security vulnerability in RNG (CVE-2016-6313)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://lists.gnupg.org/pipermail/gnu...
Whiteboard: A2 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2016-08-17 17:42 UTC by Kristian Fiskerstrand
Modified: 2016-12-02 09:39 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Kristian Fiskerstrand gentoo-dev Security 2016-08-17 17:42:38 UTC
+++ This bug was initially created as a clone of Bug #591534 +++

Cloned for gnupg 1.4 handling

From ${URL} (note CVE in announcement is wrong)

Hello!

The GnuPG Project is pleased to announce the availability of new
Libgcrypt and GnuPG versions to *fix a critical security problem*.

Felix Dörre and Vladimir Klebanov from the Karlsruhe Institute of
Technology found a bug in the mixing functions of Libgcrypt's random
number generator: An attacker who obtains 4640 bits from the RNG can
trivially predict the next 160 bits of output.  This bug exists since
1998 in all GnuPG and Libgcrypt versions.


Impact
======
All Libgcrypt and GnuPG versions released before 2016-08-17 are affected
on all platforms.

A first analysis on the impact of this bug in GnuPG shows that existing
RSA keys are not weakened.  For DSA and Elgamal keys it is also unlikely
that the private key can be predicted from other public information.
This needs more research and I would suggest _not to_ overhasty revoke
keys.


Solution
========
If you are using a vendor supplied version of GnuPG or Libgcrypt:

 * Wait for an update from your vendor.

If you are using a GnuPG-2 version (2.0.x or 2.1.x):

 * Update Libgcrypt.  We have released these fixed versions of
   Libgcrypt: 1.7.3, 1.6.6, and 1.5.6.  See below for download
   information.

If you are using GnuPG-1 version (1.4.x): 

 * Update as soon as possible to GnuPG 1.4.21.  See below for download
   information.
Comment 1 Kristian Fiskerstrand gentoo-dev Security 2016-08-17 17:55:18 UTC
Arches, please stabilize
=app-crypt/gnupg-1.4.21
Stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 


commit ff13a198c84b52c2633dd98e013066ef5797b226
Author: Kristian Fiskerstrand <k_f@gentoo.org>
Date:   Wed Aug 17 19:52:32 2016 +0200

    app-crypt/gnupg: Security bump to 1.4.21
    
    Gentoo-Bug: 591536
    
    Package-Manager: portage-2.3.0
Comment 2 Agostino Sarubbo gentoo-dev 2016-08-18 14:54:38 UTC
amd64 stable
Comment 3 Jeroen Roovers gentoo-dev 2016-08-18 23:33:06 UTC
Stable for HPPA PPC64.
Comment 4 Markus Meier gentoo-dev 2016-09-01 11:33:11 UTC
arm stable
Comment 5 Tobias Klausmann gentoo-dev 2016-09-01 14:17:32 UTC
Stable on alpha.
Comment 6 Agostino Sarubbo gentoo-dev 2016-09-29 08:42:55 UTC
x86 stable
Comment 7 Agostino Sarubbo gentoo-dev 2016-09-29 09:37:53 UTC
sparc stable
Comment 8 Agostino Sarubbo gentoo-dev 2016-09-29 12:38:39 UTC
ppc stable
Comment 9 Agostino Sarubbo gentoo-dev 2016-09-29 13:31:06 UTC
ia64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 10 Kristian Fiskerstrand gentoo-dev Security 2016-11-23 18:58:27 UTC
Cleanup done long ago
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2016-11-25 06:04:39 UTC
CVE-2016-6313 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6313):
  PRNG output is predictable
Comment 12 Thomas Deutschmann gentoo-dev Security 2016-11-30 18:29:02 UTC
New GLSA created.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2016-12-02 09:39:43 UTC
This issue was resolved and addressed in
 GLSA 201612-01 at https://security.gentoo.org/glsa/201612-01
by GLSA coordinator Aaron Bauman (b-man).