Описание
Security update for libgcrypt
This update for libgcrypt fixes the following issues:
- RNG prediction vulnerability (bsc#994157, CVE-2016-6313)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP1
libgcrypt20-1.6.1-16.33.1
libgcrypt20-32bit-1.6.1-16.33.1
SUSE Linux Enterprise Server 12 SP1
libgcrypt20-1.6.1-16.33.1
libgcrypt20-32bit-1.6.1-16.33.1
libgcrypt20-hmac-1.6.1-16.33.1
libgcrypt20-hmac-32bit-1.6.1-16.33.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
libgcrypt20-1.6.1-16.33.1
libgcrypt20-32bit-1.6.1-16.33.1
libgcrypt20-hmac-1.6.1-16.33.1
libgcrypt20-hmac-32bit-1.6.1-16.33.1
SUSE Linux Enterprise Software Development Kit 12 SP1
libgcrypt-devel-1.6.1-16.33.1
Ссылки
- Link for SUSE-SU-2016:2345-1
- E-Mail link for SUSE-SU-2016:2345-1
- SUSE Security Ratings
- SUSE Bug 994157
- SUSE CVE CVE-2016-6313 page
Описание
The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libgcrypt20-1.6.1-16.33.1
SUSE Linux Enterprise Desktop 12 SP1:libgcrypt20-32bit-1.6.1-16.33.1
SUSE Linux Enterprise Server 12 SP1:libgcrypt20-1.6.1-16.33.1
SUSE Linux Enterprise Server 12 SP1:libgcrypt20-32bit-1.6.1-16.33.1
Ссылки
- CVE-2016-6313
- SUSE Bug 1123792
- SUSE Bug 994157