The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.
rhn.redhat.com/errata/RHSA-2016-2674.html
www.debian.org/security/2016/dsa-3649
www.debian.org/security/2016/dsa-3650
www.securityfocus.com/bid/92527
www.securitytracker.com/id/1036635
www.ubuntu.com/usn/USN-3064-1
www.ubuntu.com/usn/USN-3065-1
git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=blob_plain%3Bf=NEWS
lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
security.gentoo.org/glsa/201610-04
security.gentoo.org/glsa/201612-01