==========================================================================
Ubuntu Security Notice USN-3065-1
August 18, 2016
libgcrypt11, libgcrypt20 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS
Summary:
Libgcrypt incorrectly generated random numbers.
Software Description:
– libgcrypt20: LGPL Crypto library
– libgcrypt11: LGPL Crypto library
Details:
Felix Dörre and Vladimir Klebanov discovered that Libgcrypt incorrectly
handled mixing functions in the random number generator. An attacker able
to obtain 4640 bits from the RNG can trivially predict the next 160 bits of
output.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
libgcrypt20 1.6.5-2ubuntu0.2
Ubuntu 14.04 LTS:
libgcrypt11 1.5.3-2ubuntu4.4
Ubuntu 12.04 LTS:
libgcrypt11 1.5.0-3ubuntu0.6
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3065-1
CVE-2016-6313
Package Information:
https://launchpad.net/ubuntu/+source/libgcrypt20/1.6.5-2ubuntu0.2
https://launchpad.net/ubuntu/+source/libgcrypt11/1.5.3-2ubuntu4.4
https://launchpad.net/ubuntu/+source/libgcrypt11/1.5.0-3ubuntu0.6
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAEBCgAGBQJXtgnvAAoJEGVp2FWnRL6TBQ8P/RzR9Uf1O5gSo8S5vKZ2wJir
cdFM+4bZK8Wx6nCET5gcrgaWXHlfeJAt9iAkZjVtt0XSVKuHJeuRWPHTHBZ1N9tu
B+5I32pOmpcjgQIp0CIjT/OnDi3O8+wz0Q3/piy277SOtdMew5PlpdOsc7BrsC9d
Gqf9btOp1zqHI3cx461vsjXjN5coYqhdPXKfEcVM1oGZRqV/rdwb+bQnfH0MxPIv
sZW5ApOnHAtT/vDzPz+n/D1m51PdtDsbnFyvCDUHfAVPhK3Gt02xYZtzjuu3s3F9
Dp5l1RkOW385jj0/ALD4VCmTYfmLk8QtDMh0oCs5qawtogC9ComB+jS0OJfbZ4uL
s7Y9o/E/lo20fLHM7MgKukqxymQXy3G7SM4E6SYmfiZghi6RE2T0tLon12CJf0EF
cPGuYOqTGHnq0gyGjGJqKipcmMSOd2/nPLfh3nW2vbCY09HCDWrM/zU3/PCb3boh
Mcdyo7qbQSgNeiZf32taIBkoCjdTfyvyWciJsLNh/qu0eYlUI9JA31x5ajMET9t8
/aTMl0bwHLYpmFg9TbMgA16cyxJpiOviCV1cqBOKmynx+aDDY29z8GH3ksbseC7p
lI8OY8zlSMUQPnCpoKOWG8AJ1s4GzjFh50xjFwR8CYB0xSr+nYc9PuCqtMVn6bOk
yzUv5lJl0gGv/w6mGtbd
=A2cO
—–END PGP SIGNATURE—–
—