1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3649-1] gnupg security update

    From Salvatore Bonaccorso@1:229/2 to All on Wed Aug 17 23:40:02 2016
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3649-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 17, 2016 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : gnupg
    CVE ID : CVE-2016-6313

    Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of
    Technology discovered a flaw in the mixing functions of GnuPG's random
    number generator. An attacker who obtains 4640 bits from the RNG can
    trivially predict the next 160 bits of output.

    A first analysis on the impact of this bug for GnuPG shows that existing
    RSA keys are not weakened. For DSA and Elgamal keys it is also unlikely
    that the private key can be predicted from other public information.

    For the stable distribution (jessie), this problem has been fixed in
    version 1.4.18-7+deb8u2.

    We recommend that you upgrade your gnupg packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQIcBAEBCgAGBQJXtNXhAAoJEAVMuPMTQ89EdesP/0ggsyZeF7DiWIEryM/3EgNa 0qxOnOzq3Op8wF8dYcBOtS/qCv9aXEBUw0pk+00BKKS1s7PS6HnGtAox0sJaej4B L0Fqiypz6nbYEIguSoCIZXFILxNyhbbotXs1CQn7kA86IiHiBnd3f345x+PhOorw tKSUXxclSZwLJQjub6YM5y/YqOBpskcOCdb25LQ3kQ1UHwQt8NPNHZRxlfb29805 h8nOaMEc4sdRltpdHllpwGGbSDT1csB4qTb8qy+6fWHSp/enj+KTAmV7MfibTa1C /wbXhHpP7+gr6fj0dyMOD9EfyFIpDZkZcuH8ZPx5hBdKj6SQ3e9ovyc2S7li2bDh TuXCuCbIeHkFw/EafFkuDaesDbeLqxQUr47sALZMHTzpZ6e+Xe3fXBGRj7Cr1MTp vlUkWOaYNwY+fmZkqQR4hMwBgdxRDy7xfZxKAzUji8RI/KEz0GJK23Ipiwcauk6Q o0Vjgrw1zPPz+IvIYsLg6jtFVPcd3PMHq8laWf9/sxD8VMQ2IDl8F8JqA5JHKtlX Kpoga9hAhjssUX8G4cqyMAUKxqBOMHmTKOqjtu5VIhU+os1oRg9VhA0KfaElXd4a PEox1qIYkdJ7dZiVKT2qP1iqJmL5/FTWllVrKdPPm1zkSZq8wKZo6LoLx8i4kDXm VvQ6HKyE+MYAQ5Xg7gbM
    =k16Z
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)