Launchpad.net

CVE 2016-6313

The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.

Related bugs and status

CVE-2016-6313 (Candidate) is related to these bugs:

Bug #1615039: [FFe] /usr/bin/gnupg --version should be 2.1

		In	Importance	Status
1615039	[FFe] /usr/bin/gnupg --version should be 2.1	gnupg2 (Ubuntu)	Undecided	Fix Released
1615039	[FFe] /usr/bin/gnupg --version should be 2.1	gnupg (Ubuntu)	Undecided	Fix Released
1615039	[FFe] /usr/bin/gnupg --version should be 2.1	gnupg1 (Ubuntu)	Undecided	Fix Released
1615039	[FFe] /usr/bin/gnupg --version should be 2.1	libgnupg-interface-perl (Ubuntu)	Undecided	Fix Released
1615039	[FFe] /usr/bin/gnupg --version should be 2.1	libconfig-identity-perl (Ubuntu)	Undecided	Fix Released
1615039	[FFe] /usr/bin/gnupg --version should be 2.1	python-gnupg (Ubuntu)	Undecided	Fix Released
1615039	[FFe] /usr/bin/gnupg --version should be 2.1	software-properties (Ubuntu)	Undecided	Fix Released
1615039	[FFe] /usr/bin/gnupg --version should be 2.1	ubuntu-keyring (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [gnupg-announce] 20160...
CONFIRM: https://git.gnupg.org/...
DEBIAN: DSA-3649
DEBIAN: DSA-3650
UBUNTU: USN-3064-1
UBUNTU: USN-3065-1
BID: 92527
GENTOO: GLSA-201610-04
GENTOO: GLSA-201612-01
SECTRACK: 1036635
REDHAT: RHSA-2016:2674