GoogleOSV:DSA-3650-1

HistoryAug 17, 2016 - 12:00 a.m.

Vulners
/
Osv
/
libgcrypt20 - security update

libgcrypt20 - security update

2016-08-1700:00:00

Google

osv.dev

0.007 Low

EPSS

Percentile

80.6%

JSON

Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of
Technology discovered a flaw in the mixing functions of Libgcrypt’s
random number generator. An attacker who obtains 4640 bits from the RNG
can trivially predict the next 160 bits of output.

A first analysis on the impact of this bug for GnuPG shows that existing
RSA keys are not weakened. For DSA and Elgamal keys it is also unlikely
that the private key can be predicted from other public information.

For the stable distribution (jessie), this problem has been fixed in
version 1.6.3-2+deb8u2.

We recommend that you upgrade your libgcrypt20 packages.

CPENameOperatorVersion
libgcrypt20eq1.6.3-2+deb8u1
libgcrypt20eq1.6.3-2

CPE	Name	Operator	Version
	libgcrypt20	eq	1.6.3-2+deb8u1
	libgcrypt20	eq	1.6.3-2

References

www.debian.org/security/2016/dsa-3650

nessus 31

openvas 25

redhatcve 1

debian 6

amazon 1

osv 4

ibm 12

mageia 1

debiancve 1

cloudfoundry 2

freebsd 1

oraclelinux 1

ubuntu 2

prion 1

ubuntucve 2

centos 1

gentoo 2

fedora 5

veracode 1

archlinux 2

f5 1

slackware 2

nvd 1

redhat 1

altlinux 1

alpinelinux 1

cve 1

cvelist 1

photon 1

suse 2

nessus

Debian DSA-3649-1 : gnupg - security update

2016-08-18 00:00:00

Debian DLA-602-1 : gnupg security and hardening update

2016-08-30 00:00:00

SUSE SLES11 Security Update : libgcrypt (SUSE-SU-2016:2346-1)

2016-09-22 00:00:00

openvas

Debian Security Advisory DSA 3649-1 (gnupg - security update)

2016-08-17 00:00:00

Fedora Update for gnupg FEDORA-2016-3a0195918f

2016-09-14 00:00:00

Fedora Update for libgcrypt FEDORA-2016-2b4ecfa79f

2016-09-08 00:00:00

redhatcve

CVE-2016-6313

2016-08-18 21:04:33

debian

[SECURITY] [DSA 3649-1] gnupg security update

2016-08-17 21:35:30

[SECURITY] [DSA 3650-1] libgcrypt20 security update

2016-08-17 21:35:36

[SECURITY] [DSA 3650-1] libgcrypt20 security update

2016-08-17 21:35:36

amazon

Medium: libgcrypt, gnupg

2016-09-15 19:00:00

osv

libgcrypt11 - security update

2016-08-23 00:00:00

gnupg - security update

2016-08-17 00:00:00

gnupg - security update

2016-08-29 00:00:00

ibm

Security Bulletin: A vulnerability in GnuPG libgcrypt affects IBM Security Network Protection (CVE-2016-6313)

2018-06-16 21:48:00

Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in the libgcrypt library (CVE-2016-6313)

2018-06-16 21:50:47

Security Bulletin: A vulnerability in GnuPG (gpg) affects PowerKVM

2018-06-18 01:34:46

mageia

Updated gnupg/libgcrypt packages fix security vulnerability

2016-08-31 18:32:33

debiancve

CVE-2016-6313

2016-12-13 20:59:04

cloudfoundry

USN-3064-1 GnuPG vulnerability | Cloud Foundry

2016-08-25 00:00:00

USN-3065-1 Libgcrypt vulnerability | Cloud Foundry

2016-08-25 00:00:00

freebsd

gnupg -- attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output

2016-08-17 00:00:00

oraclelinux

libgcrypt security update

2016-11-09 00:00:00

ubuntu

GnuPG vulnerability

2016-08-18 00:00:00

Libgcrypt vulnerability

2016-08-18 00:00:00

prion

Design/Logic Flaw

2016-12-13 20:59:00

ubuntucve

CVE-2016-6313

2016-08-17 00:00:00

CVE-2016-6316

2016-09-07 00:00:00

centos

libgcrypt security update

2016-11-12 06:30:21

gentoo

GnuPG: RNG output is predictable

2016-12-02 00:00:00

libgcrypt: Multiple vulnerabilities

2016-10-10 00:00:00

fedora

[SECURITY] Fedora 25 Update: gnupg-1.4.21-1.fc25

2016-08-30 18:22:15

[SECURITY] Fedora 23 Update: gnupg-1.4.21-1.fc23

2016-09-14 01:23:53

[SECURITY] Fedora 25 Update: libgcrypt-1.6.6-1.fc25

2016-08-27 11:09:12

veracode

Information Leakage

2019-01-15 09:14:36

archlinux

lib32-libgcrypt: information disclosure

2016-09-17 00:00:00

libgcrypt: information disclosure

2016-08-21 00:00:00

K09040132 : libgcrypt vulnerability CVE-2016-6313

2017-07-03 00:00:00

slackware

[slackware-security] libgcrypt

2016-08-23 21:12:28

[slackware-security] gnupg

2016-08-23 20:58:51

nvd

CVE-2016-6313

2016-12-13 20:59:04

redhat

(RHSA-2016:2674) Moderate: libgcrypt security update

2016-11-08 03:29:18

altlinux

Security fix for the ALT Linux 8 package gnupg version 1.4.21-alt1

2017-03-28 00:00:00

alpinelinux

CVE-2016-6313

2016-12-13 20:59:04

cve

CVE-2016-6313

2016-12-13 20:59:04

cvelist

CVE-2016-6313

2016-12-13 20:00:00

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2017-0013

2017-04-24 00:00:00

suse

Security update for SLES 12-SP1 Docker image (important)

2017-10-11 03:07:32

Security update for SLES 12 Docker image (important)

2017-10-11 03:06:53

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.007 Low

EPSS

Percentile

80.6%

JSON

Related for OSV:DSA-3650-1