MGASA-2016-0292

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2016-0292.html

Import Source

https://advisories.mageia.org/MGASA-2016-0292.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2016-0292

Related

CVE-2016-6313

Published

2016-08-31T15:32:33Z

Modified

2016-08-31T15:23:03Z

Summary

Updated gnupg/libgcrypt packages fix security vulnerability

Details

Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of GnuPG's random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output (CVE-2016-6313).

The gnupg package has been patched to correct these issues.

GnuPG2 is vulnerable to these issues through the libgcrypt library. The libgcrypt package has also been patched to correct this issue.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / gnupg

Package

Name: gnupg
Purl: pkg:rpm/mageia/gnupg?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.19-1.2.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / libgcrypt

Package

Name: libgcrypt
Purl: pkg:rpm/mageia/libgcrypt?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.4-5.3.mga5

Ecosystem specific

{
    "section": "core"
}