Login
Newsletter
Werbung

Sicherheit: Preisgabe von Informationen in libgcrypt
Aktuelle Meldungen Distributionen
Name: Preisgabe von Informationen in libgcrypt
ID: USN-3065-1
Distribution: Ubuntu
Plattformen: Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 16.04 LTS
Datum: Do, 18. August 2016, 23:33
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6313
Applikationen: libgcrypt

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============7400633308482629572==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="4VdXH7maIVDNIFr30POH9Itk1wG1k7IbR"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--4VdXH7maIVDNIFr30POH9Itk1wG1k7IbR
Content-Type: multipart/mixed;
boundary="usnmOv67j8KUiWWItImRkvJFCbbeffWUS"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <f20935f3-eeb3-e607-61d8-038c2ebd5bb3@canonical.com>
Subject: [USN-3065-1] Libgcrypt vulnerability

--usnmOv67j8KUiWWItImRkvJFCbbeffWUS
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-3065-1
August 18, 2016

libgcrypt11, libgcrypt20 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Libgcrypt incorrectly generated random numbers.

Software Description:
- libgcrypt20: LGPL Crypto library
- libgcrypt11: LGPL Crypto library

Details:

Felix Dörre and Vladimir Klebanov discovered that Libgcrypt incorrectly
handled mixing functions in the random number generator. An attacker able
to obtain 4640 bits from the RNG can trivially predict the next 160 bits of
output.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
libgcrypt20 1.6.5-2ubuntu0.2

Ubuntu 14.04 LTS:
libgcrypt11 1.5.3-2ubuntu4.4

Ubuntu 12.04 LTS:
libgcrypt11 1.5.0-3ubuntu0.6

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-3065-1
CVE-2016-6313

Package Information:
https://launchpad.net/ubuntu/+source/libgcrypt20/1.6.5-2ubuntu0.2
https://launchpad.net/ubuntu/+source/libgcrypt11/1.5.3-2ubuntu4.4
https://launchpad.net/ubuntu/+source/libgcrypt11/1.5.0-3ubuntu0.6



--usnmOv67j8KUiWWItImRkvJFCbbeffWUS--

--4VdXH7maIVDNIFr30POH9Itk1wG1k7IbR
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJXtgnvAAoJEGVp2FWnRL6TBQ8P/RzR9Uf1O5gSo8S5vKZ2wJir
cdFM+4bZK8Wx6nCET5gcrgaWXHlfeJAt9iAkZjVtt0XSVKuHJeuRWPHTHBZ1N9tu
B+5I32pOmpcjgQIp0CIjT/OnDi3O8+wz0Q3/piy277SOtdMew5PlpdOsc7BrsC9d
Gqf9btOp1zqHI3cx461vsjXjN5coYqhdPXKfEcVM1oGZRqV/rdwb+bQnfH0MxPIv
sZW5ApOnHAtT/vDzPz+n/D1m51PdtDsbnFyvCDUHfAVPhK3Gt02xYZtzjuu3s3F9
Dp5l1RkOW385jj0/ALD4VCmTYfmLk8QtDMh0oCs5qawtogC9ComB+jS0OJfbZ4uL
s7Y9o/E/lo20fLHM7MgKukqxymQXy3G7SM4E6SYmfiZghi6RE2T0tLon12CJf0EF
cPGuYOqTGHnq0gyGjGJqKipcmMSOd2/nPLfh3nW2vbCY09HCDWrM/zU3/PCb3boh
Mcdyo7qbQSgNeiZf32taIBkoCjdTfyvyWciJsLNh/qu0eYlUI9JA31x5ajMET9t8
/aTMl0bwHLYpmFg9TbMgA16cyxJpiOviCV1cqBOKmynx+aDDY29z8GH3ksbseC7p
lI8OY8zlSMUQPnCpoKOWG8AJ1s4GzjFh50xjFwR8CYB0xSr+nYc9PuCqtMVn6bOk
yzUv5lJl0gGv/w6mGtbd
=A2cO
-----END PGP SIGNATURE-----

--4VdXH7maIVDNIFr30POH9Itk1wG1k7IbR--


--===============7400633308482629572==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============7400633308482629572==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung