Alerts This Week
Warning Icon 1 700
Alerts This Week
Warning Icon 1 700

Ubuntu 16.04 USN-3065-1 Critical: Libgcrypt RNG Prediction

Calendar Aug 18, 2016 User Avatar LinuxSecurity Advisories
1 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory critical ubuntu random number attack prediction libgcrypt
Libgcrypt incorrectly generated random numbers. 
=========================================================================Ubuntu Security Notice USN-3065-1
August 18, 2016

libgcrypt11, libgcrypt20 vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Libgcrypt incorrectly generated random numbers.

Software Description:
- libgcrypt20: LGPL Crypto library
- libgcrypt11: LGPL Crypto library

Details:

Felix Dörre and Vladimir Klebanov discovered that Libgcrypt incorrectly
handled mixing functions in the random number generator. An attacker able
to obtain 4640 bits from the RNG can trivially predict the next 160 bits of
output.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  libgcrypt20                     1.6.5-2ubuntu0.2

Ubuntu 14.04 LTS:
  libgcrypt11                     1.5.3-2ubuntu4.4

Ubuntu 12.04 LTS:
  libgcrypt11                     1.5.0-3ubuntu0.6

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-3065-1
  CVE-2016-6313

Package Information:
  https://launchpad.net/ubuntu/+source/libgcrypt20/1.6.5-2ubuntu0.2
  https://launchpad.net/ubuntu/+source/libgcrypt11/1.5.3-2ubuntu4.4
  https://launchpad.net/ubuntu/+source/libgcrypt11/1.5.0-3ubuntu0.6

Ubuntu 16.04 USN-3065-1 Critical: Libgcrypt RNG Prediction

ubuntu
Calendar Grey August 18, 2016
Dist Ubuntu Esm H88
Uncover the weaknesses present in Ubuntu's libgcrypt linked to the generation of random numbers, along with the essential updates required to address these issues.
Libgcrypt incorrectly generated random numbers.

Summary

Topics%20covered

Topics Covered

security advisory critical ubuntu random number attack prediction libgcrypt

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: libgcrypt20 1.6.5-2ubuntu0.2 Ubuntu 14.04 LTS: libgcrypt11 1.5.3-2ubuntu4.4 Ubuntu 12.04 LTS: libgcrypt11 1.5.0-3ubuntu0.6 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3065-1

CVE-2016-6313

Severity
critical
Lowest
Low
Medium
High
Critical

August 18, 2016

Topics%20covered

Topics Covered

security advisory critical ubuntu random number attack prediction libgcrypt

Package Information

https://launchpad.net/ubuntu/+source/libgcrypt20/1.6.5-2ubuntu0.2 https://launchpad.net/ubuntu/+source/libgcrypt11/1.5.3-2ubuntu4.4 https://launchpad.net/ubuntu/+source/libgcrypt11/1.5.0-3ubuntu0.6

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here