FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gnupg -- attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output

Affected packages
gnupg1 < 1.4.21
libgcrypt < 1.7.3
linux-c6-libgcrypt < 1.4.5_4
linux-c7-libgcrypt < 1.5.3_1

Details

VuXML ID e1c71d8d-64d9-11e6-b38a-25a46b33f2ed
Discovery 2016-08-17
Entry 2016-08-18
Modified 2016-11-30

Werner Koch reports:

There was a bug in the mixing functions of Libgcrypt's random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. This bug has existed since 1998 in all GnuPG and Libgcrypt versions.

References

CVE Name CVE-2016-6313
URL https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html