Vulnerabilities > CVE-2016-6313 - Information Exposure vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Subverting Environment Variable Values The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
- Footprinting An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
- Exploiting Trust in Client (aka Make the Client Invisible) An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
- Browser Fingerprinting An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
- Session Credential Falsification through Prediction This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
Nessus
NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2016-744.NASL description A design flaw was found in the libgcrypt PRNG (Pseudo-Random Number Generator). An attacker who can obtain the first 580 bytes of the PRNG output can trivially predict the following 20 bytes. last seen 2020-06-01 modified 2020-06-02 plugin id 93536 published 2016-09-16 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/93536 title Amazon Linux AMI : libgcrypt / gnupg (ALAS-2016-744) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3650.NASL description Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of Libgcrypt last seen 2020-06-01 modified 2020-06-02 plugin id 93019 published 2016-08-18 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93019 title Debian DSA-3650-1 : libgcrypt20 - security update NASL family Fedora Local Security Checks NASL id FEDORA_2016-3A0195918F.NASL description - New upstream v1.4.21 - Fix critical security bug in the RNG [CVE-2016-6313] (#1366105) - Tweak default options for gpgv - By default do not anymore emit the GnuPG version with --armor Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-09-15 plugin id 93490 published 2016-09-15 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93490 title Fedora 23 : gnupg (2016-3a0195918f) NASL family Fedora Local Security Checks NASL id FEDORA_2016-9864953AA3.NASL description - New upstream v1.4.21 - Fix critical security bug in the RNG [CVE-2016-6313] (#1366105) - Tweak default options for gpgv - By default do not anymore emit the GnuPG version with --armor Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-08-29 plugin id 93142 published 2016-08-29 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93142 title Fedora 24 : gnupg (2016-9864953aa3) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2017-0013_LIBGCRYPT.NASL description An update of the libgcrypt package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 121685 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121685 title Photon OS 1.0: Libgcrypt PHSA-2017-0013 NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3065-1.NASL description Felix Dorre and Vladimir Klebanov discovered that Libgcrypt incorrectly handled mixing functions in the random number generator. An attacker able to obtain 4640 bits from the RNG can trivially predict the next 160 bits of output. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 93046 published 2016-08-19 reporter Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93046 title Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : libgcrypt11, libgcrypt20 vulnerability (USN-3065-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3064-1.NASL description Felix Dorre and Vladimir Klebanov discovered that GnuPG incorrectly handled mixing functions in the random number generator. An attacker able to obtain 4640 bits from the RNG can trivially predict the next 160 bits of output. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 93045 published 2016-08-19 reporter Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93045 title Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : gnupg vulnerability (USN-3064-1) NASL family Scientific Linux Local Security Checks NASL id SL_20161108_LIBGCRYPT_ON_SL6_X.NASL description Security Fix(es) : - A design flaw was found in the libgcrypt PRNG (Pseudo-Random Number Generator). An attacker able to obtain the first 580 bytes of the PRNG output could predict the following 20 bytes. (CVE-2016-6313) last seen 2020-03-18 modified 2016-11-09 plugin id 94652 published 2016-11-09 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94652 title Scientific Linux Security Update : libgcrypt on SL6.x i386/x86_64 (20161108) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_E1C71D8D64D911E6B38A25A46B33F2ED.NASL description Werner Koch reports : There was a bug in the mixing functions of Libgcrypt last seen 2020-06-01 modified 2020-06-02 plugin id 93023 published 2016-08-18 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93023 title FreeBSD : gnupg -- attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output (e1c71d8d-64d9-11e6-b38a-25a46b33f2ed) NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-2346-1.NASL description This update for libgcrypt fixes the following issues : - RNG prediction vulnerability (bsc#994157, CVE-2016-6313) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 93645 published 2016-09-22 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93645 title SUSE SLES11 Security Update : libgcrypt (SUSE-SU-2016:2346-1) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2016-0156.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2016-6313 - predictable PRNG output (#1366105) last seen 2020-06-01 modified 2020-06-02 plugin id 94650 published 2016-11-09 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94650 title OracleVM 3.3 / 3.4 : libgcrypt (OVMSA-2016-0156) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2016-1081.NASL description According to the version of the libgcrypt packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A design flaw was found in the libgcrypt PRNG (Pseudo-Random Number Generator). An attacker able to obtain the first 580 bytes of the PRNG output could predict the following 20 bytes.(CVE-2016-6313) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2017-05-01 plugin id 99841 published 2017-05-01 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99841 title EulerOS 2.0 SP1 : libgcrypt (EulerOS-SA-2016-1081) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201612-01.NASL description The remote host is affected by the vulnerability described in GLSA-201612-01 (GnuPG: RNG output is predictable) A long standing bug (since 1998) in Libgcrypt (see “GLSA 201610-04” below) and GnuPG allows an attacker to predict the output from the standard RNG. Please review the “Entropy Loss and Output Predictability in the Libgcrypt PRNG” paper below for a deep technical analysis. Impact : An attacker who obtains 580 bytes of the random number from the standard RNG can trivially predict the next 20 bytes of output. This flaw does not affect the default generation of keys, because running gpg for key creation creates at most 2 keys from the pool. For a single 4096 bit RSA key, 512 bytes of random are required and thus for the second key (encryption subkey), 20 bytes could be predicted from the the first key. However, the security of an OpenPGP key depends on the primary key (which was generated first) and thus the 20 predictable bytes should not be a problem. For the default key length of 2048 bit nothing will be predictable. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 95516 published 2016-12-05 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/95516 title GLSA-201612-01 : GnuPG: RNG output is predictable NASL family Debian Local Security Checks NASL id DEBIAN_DLA-600.NASL description The crypto library libgcrypt11 has a weakness in the random number generator. CVE-2016-6313 Felix Dörre and Vladimir Klebanov from the Karlsruhe Institute of Technology found a bug in the mixing functions of Libgcrypt last seen 2020-03-17 modified 2016-08-24 plugin id 93083 published 2016-08-24 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/93083 title Debian DLA-600-1 : libgcrypt11 security update NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201610-04.NASL description The remote host is affected by the vulnerability described in GLSA-201610-04 (libgcrypt: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libgcrypt. Please review the CVE identifiers referenced below for details. Impact : Side-channel attacks can leak private key information. A separate critical bug allows an attacker who obtains 4640 bits from the RNG to trivially predict the next 160 bits of output. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 93946 published 2016-10-11 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93946 title GLSA-201610-04 : libgcrypt: Multiple vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-2345-1.NASL description This update for libgcrypt fixes the following issues : - RNG prediction vulnerability (bsc#994157, CVE-2016-6313) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 93644 published 2016-09-22 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93644 title SUSE SLED12 / SLES12 Security Update : libgcrypt (SUSE-SU-2016:2345-1) NASL family Fedora Local Security Checks NASL id FEDORA_2016-2B4ECFA79F.NASL description Important update from upstream which fixes predictability problem in the RNG (CVE-2016-6313). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-09-08 plugin id 93355 published 2016-09-08 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93355 title Fedora 23 : libgcrypt (2016-2b4ecfa79f) NASL family Fedora Local Security Checks NASL id FEDORA_2016-B66A0AEF08.NASL description Important update from upstream which fixes predictability problem in the RNG (CVE-2016-6313). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-11-15 plugin id 94850 published 2016-11-15 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94850 title Fedora 25 : libgcrypt (2016-b66a0aef08) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2016-2674.NASL description From Red Hat Security Advisory 2016:2674 : An update for libgcrypt is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. Security Fix(es) : * A design flaw was found in the libgcrypt PRNG (Pseudo-Random Number Generator). An attacker able to obtain the first 580 bytes of the PRNG output could predict the following 20 bytes. (CVE-2016-6313) Red Hat would like to thank Felix Dorre and Vladimir Klebanov for reporting this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 94622 published 2016-11-08 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94622 title Oracle Linux 6 / 7 : libgcrypt (ELSA-2016-2674) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-1042.NASL description This update for libgcrypt fixes the following issues : - RNG prediction vulnerability (boo#994157, CVE-2016-6313) last seen 2020-06-05 modified 2016-09-01 plugin id 93250 published 2016-09-01 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/93250 title openSUSE Security Update : libgcrypt (openSUSE-2016-1042) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2016-2674.NASL description An update for libgcrypt is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. Security Fix(es) : * A design flaw was found in the libgcrypt PRNG (Pseudo-Random Number Generator). An attacker able to obtain the first 580 bytes of the PRNG output could predict the following 20 bytes. (CVE-2016-6313) Red Hat would like to thank Felix Dorre and Vladimir Klebanov for reporting this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 94741 published 2016-11-14 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94741 title CentOS 6 / 7 : libgcrypt (CESA-2016:2674) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2016-236-01.NASL description New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. last seen 2020-06-01 modified 2020-06-02 plugin id 93080 published 2016-08-24 reporter This script is Copyright (C) 2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/93080 title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : gnupg (SSA:2016-236-01) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1448.NASL description According to the version of the libgcrypt package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A design flaw was found in the libgcrypt PRNG (Pseudo-Random Number Generator). An attacker able to obtain the first 580 bytes of the PRNG output could predict the following 20 bytes.(CVE-2016-6313) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 124951 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124951 title EulerOS Virtualization 3.0.1.0 : libgcrypt (EulerOS-SA-2019-1448) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2016-236-02.NASL description New libgcrypt packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. last seen 2020-06-01 modified 2020-06-02 plugin id 93081 published 2016-08-24 reporter This script is Copyright (C) 2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/93081 title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : libgcrypt (SSA:2016-236-02) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-602.NASL description CVE-2016-6313 Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of GnuPG last seen 2020-03-17 modified 2016-08-30 plugin id 93199 published 2016-08-30 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/93199 title Debian DLA-602-1 : gnupg security and hardening update NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2017-0013.NASL description An update of [cracklib,libevent,libgcrypt,httpd,glibc] packages for PhotonOS has been released. last seen 2019-02-21 modified 2019-02-07 plugin id 111862 published 2018-08-17 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=111862 title Photon OS 1.0: Cracklib / Glibc / Httpd / Libevent / Libgcrypt PHSA-2017-0013 (deprecated) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-1138.NASL description This update for libgcrypt fixes the following issues : - RNG prediction vulnerability (bsc#994157, CVE-2016-6313) This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-05 modified 2016-10-03 plugin id 93823 published 2016-10-03 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/93823 title openSUSE Security Update : libgcrypt (openSUSE-2016-1138) NASL family Fedora Local Security Checks NASL id FEDORA_2016-AAB0A156AB.NASL description - New upstream v1.4.21 - Fix critical security bug in the RNG [CVE-2016-6313] (#1366105) - Tweak default options for gpgv - By default do not anymore emit the GnuPG version with --armor Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-11-15 plugin id 94847 published 2016-11-15 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94847 title Fedora 25 : gnupg (2016-aab0a156ab) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3649.NASL description Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of GnuPG last seen 2020-06-01 modified 2020-06-02 plugin id 93018 published 2016-08-18 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93018 title Debian DSA-3649-1 : gnupg - security update NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2016-2674.NASL description An update for libgcrypt is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. Security Fix(es) : * A design flaw was found in the libgcrypt PRNG (Pseudo-Random Number Generator). An attacker able to obtain the first 580 bytes of the PRNG output could predict the following 20 bytes. (CVE-2016-6313) Red Hat would like to thank Felix Dorre and Vladimir Klebanov for reporting this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 94626 published 2016-11-08 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94626 title RHEL 6 / 7 : libgcrypt (RHSA-2016:2674)
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
References
- http://rhn.redhat.com/errata/RHSA-2016-2674.html
- http://rhn.redhat.com/errata/RHSA-2016-2674.html
- http://www.debian.org/security/2016/dsa-3649
- http://www.debian.org/security/2016/dsa-3649
- http://www.debian.org/security/2016/dsa-3650
- http://www.debian.org/security/2016/dsa-3650
- http://www.securityfocus.com/bid/92527
- http://www.securityfocus.com/bid/92527
- http://www.securitytracker.com/id/1036635
- http://www.securitytracker.com/id/1036635
- http://www.ubuntu.com/usn/USN-3064-1
- http://www.ubuntu.com/usn/USN-3064-1
- http://www.ubuntu.com/usn/USN-3065-1
- http://www.ubuntu.com/usn/USN-3065-1
- https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=blob_plain%3Bf=NEWS
- https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=blob_plain%3Bf=NEWS
- https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
- https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
- https://security.gentoo.org/glsa/201610-04
- https://security.gentoo.org/glsa/201610-04
- https://security.gentoo.org/glsa/201612-01
- https://security.gentoo.org/glsa/201612-01