CVE-2016-6313
Published: 17 August 2016
The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.
Notes
Author | Note |
---|---|
mdeslaur | CVE number in announcement is wrong |
Priority
Status
Package | Release | Status |
---|---|---|
gnupg | artful | Does not exist |
gnupg | bionic | Does not exist |
gnupg | cosmic | Does not exist |
gnupg | disco | Does not exist |
gnupg | precise | Released (1.4.11-3ubuntu2.10) |
gnupg | trusty | Released (1.4.16-1ubuntu2.4) |
gnupg | upstream | Released (1.4.21) |
gnupg | xenial | Released (1.4.20-1ubuntu3.1) |
gnupg | yakkety | Does not exist |
gnupg | zesty | Does not exist |

Patches (gnupg):
upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=e23eec8c9a602eee0a09851a54db0f5d611f125c
upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=c6dbfe89903d0c8191cf50ecf1abb3c8458b427a

Package | Release | Status |
---|---|---|
gnupg2 | artful | Not vulnerable (uses system libgcrypt) |
gnupg2 | bionic | Not vulnerable (uses system libgcrypt) |
gnupg2 | cosmic | Not vulnerable (uses system libgcrypt) |
gnupg2 | disco | Not vulnerable (uses system libgcrypt) |
gnupg2 | precise | Not vulnerable (uses system libgcrypt) |
gnupg2 | trusty | Does not exist (trusty was not-affected [uses system libgcrypt]) |
gnupg2 | upstream | Needs triage |
gnupg2 | xenial | Not vulnerable (uses system libgcrypt) |
gnupg2 | yakkety | Not vulnerable (uses system libgcrypt) |
gnupg2 | zesty | Not vulnerable (uses system libgcrypt) |

Package | Release | Status |
---|---|---|
libgcrypt11 | artful | Does not exist |
libgcrypt11 | bionic | Does not exist |
libgcrypt11 | cosmic | Does not exist |
libgcrypt11 | disco | Does not exist |
libgcrypt11 | precise | Released (1.5.0-3ubuntu0.6) |
libgcrypt11 | trusty | Released (1.5.3-2ubuntu4.4) |
libgcrypt11 | upstream | Released (1.5.6) |
libgcrypt11 | xenial | Does not exist |
libgcrypt11 | yakkety | Does not exist |
libgcrypt11 | zesty | Does not exist |

Patches (libgcrypt11):
upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=98980e2fd29ad62903c78fa6521489fce651cdda
upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=6199cd963d1fba86e0b7b9e2de4b6c00b945193a

Package | Release | Status |
---|---|---|
libgcrypt20 | artful | Released (1.7.2-2ubuntu1) |
libgcrypt20 | bionic | Released (1.7.2-2ubuntu1) |
libgcrypt20 | cosmic | Released (1.7.2-2ubuntu1) |
libgcrypt20 | disco | Released (1.7.2-2ubuntu1) |
libgcrypt20 | precise | Does not exist |
libgcrypt20 | trusty | Does not exist (trusty was needed) |
libgcrypt20 | upstream | Released (1.6.6,1.7.3) |
libgcrypt20 | xenial | Released (1.6.5-2ubuntu0.2) |
libgcrypt20 | yakkety | Released (1.7.2-2ubuntu1) |
libgcrypt20 | zesty | Released (1.7.2-2ubuntu1) |

Patches (libgcrypt20):
upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=2f62103b4bb6d6f9ce806e01afb7fdc58aa33513
upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=8dd45ad957b54b939c288a68720137386c7f6501
upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=190b0429b70eb4a3573377e95755d9cc13c38461
upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=c748f87436d693f092a4484571a3cc7f650b5c81

Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.3 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | Low |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |