CVE-2016-6313

Priority
Description
The mixing functions in the random number generator in Libgcrypt before
1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21
make it easier for attackers to obtain the values of 160 bits by leveraging
knowledge of the previous 4640 bits.
Notes
 mdeslaur> CVE number in announcement is wrong
Assigned-to
mdeslaur
Package
Source: gnupg (LP Ubuntu Debian)
Upstream:released (1.4.21)
Ubuntu 12.04 ESM (Precise Pangolin):released (1.4.11-3ubuntu2.10)
Ubuntu 14.04 LTS (Trusty Tahr):released (1.4.16-1ubuntu2.4)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.4.20-1ubuntu3.1)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Patches:
Upstream:http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=e23eec8c9a602eee0a09851a54db0f5d611f125c
Upstream:http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=c6dbfe89903d0c8191cf50ecf1abb3c8458b427a
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was not-affected [uses system libgcrypt])
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (uses system libgcrypt)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses system libgcrypt)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (uses system libgcrypt)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (uses system libgcrypt)
Ubuntu 19.04 (Disco Dingo):not-affected (uses system libgcrypt)
Package
Upstream:released (1.5.6)
Ubuntu 12.04 ESM (Precise Pangolin):released (1.5.0-3ubuntu0.6)
Ubuntu 14.04 LTS (Trusty Tahr):released (1.5.3-2ubuntu4.4)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Patches:
Upstream:http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=98980e2fd29ad62903c78fa6521489fce651cdda
Upstream:http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=6199cd963d1fba86e0b7b9e2de4b6c00b945193a
More Information

Updated: 2019-01-14 21:19:45 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)