Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 414
Alerts This Week
Warning Icon 1 414

Fedora 23: 2016-09-13 Critical GnuPG Update for RNG Bug Fix

fedora
Calendar Grey September 14, 2016
Dist Fedora Esm H88
Important patch release for GnuPG in Fedora 23, addressing RNG vulnerability and modifying default settings for improved security measures.
- New upstream v1.4.21 - Fix critical security bug in the RNG [CVE-2016-6313] (#1366105) - Tweak default options for gpgv - By default do not anymore emit the GnuPG version with --...

Summary

GnuPG (GNU Privacy Guard) is a GNU utility for encrypting data and

creating digital signatures. GnuPG has advanced key management

capabilities and is compliant with the proposed OpenPGP Internet

standard described in RFC2440. Since GnuPG doesn't use any patented

algorithm, it is not compatible with any version of PGP2 (PGP2.x uses

only IDEA for symmetric-key encryption, which is patented worldwide).

Update Information:

- New upstream v1.4.21 - Fix critical security bug in the RNG [CVE-2016-6313] (#1366105) - Tweak default options for gpgv - By default do not anymore emit the GnuPG version with --armor

Change Log

References


[ 1 ] Bug #1366105 - CVE-2016-6313 libgcrypt: PRNG output is predictable https://bugzilla.redhat.com/show_bug.cgi?id=1366105

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update gnupg' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: gnupg
Product: Fedora 23
Version: 1.4.21
Release: 1.fc23
Summary: A GNU utility for secure communication and data storage

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.