#8186: libgcrypt-1.7.3
-------------------------+-------------------------
Reporter: renodr | Owner: blfs-book@…
Type: enhancement | Status: new
Priority: high | Milestone: 7.10
Component: BOOK | Version: SVN
Severity: normal | Keywords:
-------------------------+-------------------------
New minor version (an emergency release).
https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
{{{
The GnuPG Project is pleased to announce the availability of new
Libgcrypt and GnuPG versions to *fix a critical security problem*.
Felix Dörre and Vladimir Klebanov from the Karlsruhe Institute of
Technology found a bug in the mixing functions of Libgcrypt's random
number generator: An attacker who obtains 4640 bits from the RNG can
trivially predict the next 160 bits of output. This bug exists since
1998 in all GnuPG and Libgcrypt versions.
Impact
======
All Libgcrypt and GnuPG versions released before 2016-08-17 are affected
on all platforms.
A first analysis on the impact of this bug in GnuPG shows that existing
RSA keys are not weakened. For DSA and Elgamal keys it is also unlikely
that the private key can be predicted from other public information.
This needs more research and I would suggest _not to_ overhasty revoke
keys.
}}}
http://www.openwall.com/lists/oss-security/2016/08/17/7
http://www.openwall.com/lists/oss-security/2016/08/17/8
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/8186>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
--
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
