Bug 994157 - (CVE-2016-6313) VUL-0: CVE-2016-6313: libgcrypt,gpg: RNG prediction vulnerability
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
: P3 - Medium : Major
Assigned To: Security Team bot
CVSSv2:SUSE:CVE-2016-6313:2.6:(AV:N/A...
Reported: 2016-08-17 17:52 UTC by Andreas Stieger
Modified: 2018-11-04 23:45 UTC (History)

Found By: Security Response Team
Description Andreas Stieger 2016-08-17 17:52:26 UTC
https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html

The GnuPG Project is pleased to announce the availability of new
Libgcrypt and GnuPG versions to *fix a critical security problem*.

Felix Dörre and Vladimir Klebanov from the Karlsruhe Institute of
Technology found a bug in the mixing functions of Libgcrypt's random
number generator: An attacker who obtains 4640 bits from the RNG can
trivially predict the next 160 bits of output.  This bug exists since
1998 in all GnuPG and Libgcrypt versions.


Impact
======
All Libgcrypt and GnuPG versions released before 2016-08-17 are affected
on all platforms.

A first analysis on the impact of this bug in GnuPG shows that existing
RSA keys are not weakened.  For DSA and Elgamal keys it is also unlikely
that the private key can be predicted from other public information.
This needs more research and I would suggest _not to_ overhasty revoke
keys.


https://twitter.com/gnupg/status/765956493720055808

> Sorry, the CVE in the announcement is wrong.
> CVE-2016-6313 is the right one and used in commit messages.


fixed in:
Libgcrypt: 1.7.3, 1.6.6, and 1.5.6.
GnuPG 1.4.21.     

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=2f62103b4bb6d6f9ce806e01afb7fdc58aa33513
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=8dd45ad957b54b939c288a68720137386c7f6501

http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=e23eec8c9a602eee0a09851a54db0f5d611f125c
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=c6dbfe89903d0c8191cf50ecf1abb3c8458b427a
Comment 1 Swamp Workflow Management 2016-08-17 22:00:14 UTC
bugbot adjusting priority
Comment 3 Bernhard Wiedemann 2016-08-23 18:00:43 UTC
This is an autogenerated message for OBS integration:
This bug (994157) was mentioned in
https://build.opensuse.org/request/show/421369 13.2 / libgcrypt
Comment 5 Swamp Workflow Management 2016-08-31 19:08:33 UTC
openSUSE-SU-2016:2208-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 994157
CVE References: CVE-2016-6313
Sources used:
openSUSE 13.2 (src):    libgcrypt-1.6.1-8.19.1
Comment 6 Swamp Workflow Management 2016-09-01 12:27:18 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2016-09-08.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63014
Comment 7 Marcus Meissner 2016-09-01 12:31:50 UTC
Premysl, can you also submit a fix for gpg 1.4 in SUSE:SLE-10-SP3:Update:Test gpg?
Comment 8 Přemysl Janouch 2016-09-02 10:32:19 UTC
@Marcus SLE10 has gnupg 1.9.18, I can't find anything to patch there.
Comment 9 Vítězslav Čížek 2016-09-02 10:40:47 UTC
Premysl,
there are two supported gnupg packages in SLE-10: gpg (1.4.2) and gpg2 (1.9.18)
Comment 11 Swamp Workflow Management 2016-09-21 14:09:57 UTC
SUSE-SU-2016:2345-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 994157
CVE References: CVE-2016-6313
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    libgcrypt-1.6.1-16.33.1
SUSE Linux Enterprise Server 12-SP1 (src):    libgcrypt-1.6.1-16.33.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    libgcrypt-1.6.1-16.33.1
Comment 12 Swamp Workflow Management 2016-09-21 15:10:56 UTC
SUSE-SU-2016:2346-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 994157
CVE References: CVE-2016-6313
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    libgcrypt-1.5.0-0.22.1
SUSE Linux Enterprise Server 11-SP4 (src):    libgcrypt-1.5.0-0.22.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    libgcrypt-1.5.0-0.22.1
Comment 13 Swamp Workflow Management 2016-09-30 16:11:05 UTC
openSUSE-SU-2016:2423-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 994157
CVE References: CVE-2016-6313
Sources used:
openSUSE Leap 42.1 (src):    libgcrypt-1.6.1-32.1
Comment 15 Marcus Meissner 2017-06-15 20:17:04 UTC
released
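
Added example (not part of the bug report and not SUSE or GnuPG tooling): the upstream announcement lists fixed versions 1.7.3, 1.6.6 and 1.5.6, while the SUSE updates above keep the upstream version at 1.6.1 or 1.5.0 and carry the fix as a backport, so a check against upstream version numbers alone would flag patched SUSE systems as vulnerable. The function names, the simplified RPM-style comparison, and the treatment of branches later than 1.7 as fixed are assumptions of this sketch.

```python
import re

# Upstream fixed releases, from the announcement quoted in this bug.
UPSTREAM_FIXED = {(1, 5): (1, 5, 6), (1, 6): (1, 6, 6), (1, 7): (1, 7, 3)}

# Fixed SUSE source packages, from the update notices in this bug.
# The upstream version is unchanged; only the release field moves.
SUSE_FIXED = {
    "openSUSE 13.2": "1.6.1-8.19.1",
    "SUSE Linux Enterprise Server 12-SP1": "1.6.1-16.33.1",
    "SUSE Linux Enterprise Server 11-SP4": "1.5.0-0.22.1",
    "openSUSE Leap 42.1": "1.6.1-32.1",
}

def _segments(s):
    # Simplified rpmvercmp tokenisation: runs of digits or letters.
    return [int(t) if t.isdigit() else t for t in re.findall(r"\d+|[A-Za-z]+", s)]

def _cmp_part(a, b):
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if type(x) is not type(y):
            return 1 if isinstance(x, int) else -1  # numeric beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_compare(a, b):
    """Compare two 'version-release' strings; returns -1, 0 or 1."""
    (va, _, ra), (vb, _, rb) = a.partition("-"), b.partition("-")
    return _cmp_part(va, vb) or _cmp_part(ra, rb)

def upstream_fixed(version):
    """True if an upstream libgcrypt version carries the CVE-2016-6313 fix."""
    v = tuple(int(n) for n in version.split(".")[:3])
    branch = v[:2]
    if branch in UPSTREAM_FIXED:
        return v >= UPSTREAM_FIXED[branch]
    # Assumption: branches after 1.7 postdate the fix; older ones got no fixed release.
    return branch > (1, 7)

def suse_fixed(product, installed_evr):
    """True if the installed build is at or above the fixed build for that product."""
    return evr_compare(installed_evr, SUSE_FIXED[product]) >= 0
```

The release fields must be compared segment by segment as numbers: a plain string comparison would rank a release of `16.5.1` above the fixed `16.33.1`.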