Bug 19385 - buggy PRNG in libgcrypt
Summary: buggy PRNG in libgcrypt
Status: RESOLVED INVALID
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: David Walser
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-09-16 13:48 CEST by Erik Schäfer
Modified: 2016-09-16 14:32 CEST (History)
0 users

See Also:
Source RPM: gnupg-1.4.19-1.2.mga5.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Erik Schäfer 2016-09-16 13:48:42 CEST 
Description of problem:
Last month a bug in the PRNG of libgcrypt was found(CVE-2016-6313).
So it is nessecary to update gpg(1) to version 1.4.21.
Her is the research paper to the case:
http://formal.iti.kit.edu/~klebanov/pubs/libgcrypt-cve-2016-6313.pdf

Version-Release number of selected component (if applicable):
gnupg-1.4.19-1.2.mga5.x86_64.rpm

How reproducible:
Every time you check the version of gpg(1)

Steps to Reproduce:
1.open a bash
2.urpmi --auto-update
3.gpg --version
Comment 1 David Walser 2016-09-16 14:32:53 CEST 
Already patched to fix this in Bug 19206.

Status: NEW => RESOLVED
Resolution: (none) => INVALID
Note You need to log in before you can comment on or make changes to this bug.