Bug 19385

Summary: buggy PRNG in libgcrypt
Product: Mageia Reporter: Erik Schäfer <turzy>
Component: RPM PackagesAssignee: David Walser <luigiwalser>
Status: RESOLVED INVALID QA Contact:
Severity: normal    
Priority: Normal    
Version: 5   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: gnupg-1.4.19-1.2.mga5.src.rpm CVE:
Status comment:

Description Erik Schäfer 2016-09-16 13:48:42 CEST 
Description of problem:
Last month a bug in the PRNG of libgcrypt was found(CVE-2016-6313).
So it is nessecary to update gpg(1) to version 1.4.21.
Her is the research paper to the case:
http://formal.iti.kit.edu/~klebanov/pubs/libgcrypt-cve-2016-6313.pdf

Version-Release number of selected component (if applicable):
gnupg-1.4.19-1.2.mga5.x86_64.rpm

How reproducible:
Every time you check the version of gpg(1)

Steps to Reproduce:
1.open a bash
2.urpmi --auto-update
3.gpg --version
Comment 1 David Walser 2016-09-16 14:32:53 CEST 
Already patched to fix this in Bug 19206.

Status: NEW => RESOLVED
Resolution: (none) => INVALID