{"id":"MGASA-2016-0292","summary":"Updated gnupg/libgcrypt packages fix security vulnerability","details":"Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of\nTechnology discovered a flaw in the mixing functions of GnuPG's random\nnumber generator. An attacker who obtains 4640 bits from the RNG can\ntrivially predict the next 160 bits of output (CVE-2016-6313).\n\nThe gnupg package has been patched to correct these issues.\n\nGnuPG2 is vulnerable to these issues through the libgcrypt library.  The\nlibgcrypt package has also been patched to correct this issue.\n","modified":"2026-02-01T08:34:26.995035Z","published":"2016-08-31T15:32:33Z","related":["CVE-2016-6313"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0292.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=19206"},{"type":"REPORT","url":"https://www.debian.org/security/2016/dsa-3649"},{"type":"REPORT","url":"https://www.debian.org/security/2016/dsa-3650"}],"affected":[{"package":{"name":"gnupg","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/gnupg?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4.19-1.2.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0292.json"}},{"package":{"name":"libgcrypt","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/libgcrypt?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.5.4-5.3.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0292.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}