Security update for libgcrypt SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:2423-1 Final 1 1 2016-09-30T13:09:05Z current 2016-09-30T13:09:05Z 2016-09-30T13:09:05Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libgcrypt This update for libgcrypt fixes the following issues: - RNG prediction vulnerability (bsc#994157, CVE-2016-6313) This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2016-09/msg00108.html E-Mail link for openSUSE-SU-2016:2423-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 libgcrypt-1.6.1-32.1 libgcrypt-cavs-1.6.1-32.1 libgcrypt-devel-1.6.1-32.1 libgcrypt-devel-32bit-1.6.1-32.1 libgcrypt20-1.6.1-32.1 libgcrypt20-32bit-1.6.1-32.1 libgcrypt20-hmac-1.6.1-32.1 libgcrypt20-hmac-32bit-1.6.1-32.1 libgcrypt-1.6.1-32.1 as a component of openSUSE Leap 42.1 libgcrypt-cavs-1.6.1-32.1 as a component of openSUSE Leap 42.1 libgcrypt-devel-1.6.1-32.1 as a component of openSUSE Leap 42.1 libgcrypt-devel-32bit-1.6.1-32.1 as a component of openSUSE Leap 42.1 libgcrypt20-1.6.1-32.1 as a component of openSUSE Leap 42.1 libgcrypt20-32bit-1.6.1-32.1 as a component of openSUSE Leap 42.1 libgcrypt20-hmac-1.6.1-32.1 as a component of openSUSE Leap 42.1 libgcrypt20-hmac-32bit-1.6.1-32.1 as a component of openSUSE Leap 42.1 The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits. CVE-2016-6313 openSUSE Leap 42.1:libgcrypt-1.6.1-32.1 openSUSE Leap 42.1:libgcrypt-cavs-1.6.1-32.1 openSUSE Leap 42.1:libgcrypt-devel-1.6.1-32.1 openSUSE Leap 42.1:libgcrypt-devel-32bit-1.6.1-32.1 openSUSE Leap 42.1:libgcrypt20-1.6.1-32.1 openSUSE Leap 42.1:libgcrypt20-32bit-1.6.1-32.1 openSUSE Leap 42.1:libgcrypt20-hmac-1.6.1-32.1 openSUSE Leap 42.1:libgcrypt20-hmac-32bit-1.6.1-32.1 moderate 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-09/msg00108.html https://www.suse.com/security/cve/CVE-2016-6313.html CVE-2016-6313 https://bugzilla.suse.com/1123792 SUSE Bug 1123792 https://bugzilla.suse.com/994157 SUSE Bug 994157