[3.2] libgcrypt: PRNG output is predictable (CVE-2016-6313)
A design flaw was found in the libgcrypt PRNG (Pseudo-Random Number
Generator).
An attacker who can obtain the first 580 bytes of the PRNG output can
trivially predict the following 20 bytes.
Fixed In Version:
libgcrypt 1.7.3, libgcrypt 1.6.6, libgcrypt 1.5.6, gnupg 1.4.21
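Because the fix landed separately on each release branch, a plain "newer than" comparison gives the wrong answer (1.7.0 is newer than 1.6.6 but still affected). The branch-aware check below is an added example, not code from the issue or from libgcrypt; it assumes version strings like those printed by `apk info` or `libgcrypt-config --version`, and treats branches newer than 1.7 as fixed and older than 1.5 as unfixed.

```python
"""Check a libgcrypt version string against the CVE-2016-6313 fix range.

Fixed versions taken from this issue: 1.5.6, 1.6.6, 1.7.3. Each release
branch received its own fix, so the comparison is done per branch.
"""
import re

# (major, minor) branch -> first fixed (major, minor, patch) on that branch
FIXED_VERSIONS = {
    (1, 5): (1, 5, 6),
    (1, 6): (1, 6, 6),
    (1, 7): (1, 7, 3),
}
OLDEST_FIXED_BRANCH = min(FIXED_VERSIONS)
NEWEST_FIXED_BRANCH = max(FIXED_VERSIONS)


def parse_version(text):
    """Extract (major, minor, patch) from strings such as '1.6.6',
    '1.6.6-r0' (Alpine apk) or '1.7.3-beta' (constructed examples)."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised libgcrypt version: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_fixed(text):
    """True if this libgcrypt version contains the CVE-2016-6313 fix.

    Assumption (not stated in the issue): branches above 1.7 were cut
    after the fix and are fixed; branches below 1.5 never got the fix."""
    version = parse_version(text)
    branch = version[:2]
    if branch in FIXED_VERSIONS:
        return version >= FIXED_VERSIONS[branch]
    if branch > NEWEST_FIXED_BRANCH:
        return True
    return False  # branch older than 1.5: no fix was published


if __name__ == "__main__":
    # Constructed sample of versions an administrator might find installed.
    for v in ["1.5.6", "1.6.5", "1.6.6-r0", "1.7.0", "1.7.3", "1.8.1"]:
        print(f"libgcrypt {v}: {'fixed' if is_fixed(v) else 'AFFECTED'}")
```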
References:
https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
https://marc.info/?l=oss-security&m=147145356517182&w=2
https://security-tracker.debian.org/tracker/CVE-2016-6313
Patches:
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=2f62103b4bb6d6f9ce806e01afb7fdc58aa33513 (1.7)
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=8dd45ad957b54b939c288a68720137386c7f6501 (1.7)
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=190b0429b70eb4a3573377e95755d9cc13c38461 (1.6)
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=c748f87436d693f092a4484571a3cc7f650b5c81 (1.6)
(from redmine: issue id 6066, created on 2016-08-18, closed on 2016-09-14)
- Relations:
  - parent #6063 (closed)
- Changesets:
  - Revision 4aaa54a0 on 2016-09-14T08:39:24Z:
    main/libgcrypt: security upgrade to 1.6.6 (CVE-2016-6313). Fixes #6066
    (cherry picked from commit 0fd89f564d04e956a00fcd0ccff6d3047030184e)