Security update for libgcrypt SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:2208-1 Final 1 1 2016-08-31T15:48:59Z current 2016-08-31T15:48:59Z 2016-08-31T15:48:59Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libgcrypt This update for libgcrypt fixes the following issues: - RNG prediction vulnerability (boo#994157, CVE-2016-6313) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-updates/2016-08/msg00126.html E-Mail link for openSUSE-SU-2016:2208-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE 13.2 libgcrypt-1.6.1-8.19.1 libgcrypt-cavs-1.6.1-8.19.1 libgcrypt-cavs-debuginfo-1.6.1-8.19.1 libgcrypt-debugsource-1.6.1-8.19.1 libgcrypt-devel-1.6.1-8.19.1 libgcrypt-devel-32bit-1.6.1-8.19.1 libgcrypt-devel-debuginfo-1.6.1-8.19.1 libgcrypt-devel-debuginfo-32bit-1.6.1-8.19.1 libgcrypt20-1.6.1-8.19.1 libgcrypt20-32bit-1.6.1-8.19.1 libgcrypt20-debuginfo-1.6.1-8.19.1 libgcrypt20-debuginfo-32bit-1.6.1-8.19.1 libgcrypt20-hmac-1.6.1-8.19.1 libgcrypt20-hmac-32bit-1.6.1-8.19.1 libgcrypt-1.6.1-8.19.1 as a component of openSUSE 13.2 libgcrypt-cavs-1.6.1-8.19.1 as a component of openSUSE 13.2 libgcrypt-cavs-debuginfo-1.6.1-8.19.1 as a component of openSUSE 13.2 libgcrypt-debugsource-1.6.1-8.19.1 as a component of openSUSE 13.2 libgcrypt-devel-1.6.1-8.19.1 as a component of openSUSE 13.2 libgcrypt-devel-32bit-1.6.1-8.19.1 as a component of openSUSE 13.2 libgcrypt-devel-debuginfo-1.6.1-8.19.1 as a component of openSUSE 13.2 libgcrypt-devel-debuginfo-32bit-1.6.1-8.19.1 as a component of openSUSE 13.2 libgcrypt20-1.6.1-8.19.1 as a component of openSUSE 13.2 libgcrypt20-32bit-1.6.1-8.19.1 as a component of openSUSE 13.2 libgcrypt20-debuginfo-1.6.1-8.19.1 as a component of openSUSE 13.2 libgcrypt20-debuginfo-32bit-1.6.1-8.19.1 as a component of openSUSE 13.2 libgcrypt20-hmac-1.6.1-8.19.1 as a component of openSUSE 13.2 libgcrypt20-hmac-32bit-1.6.1-8.19.1 as a component of openSUSE 13.2 The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits. CVE-2016-6313 openSUSE 13.2:libgcrypt-1.6.1-8.19.1 openSUSE 13.2:libgcrypt-cavs-1.6.1-8.19.1 openSUSE 13.2:libgcrypt-cavs-debuginfo-1.6.1-8.19.1 openSUSE 13.2:libgcrypt-debugsource-1.6.1-8.19.1 openSUSE 13.2:libgcrypt-devel-1.6.1-8.19.1 openSUSE 13.2:libgcrypt-devel-32bit-1.6.1-8.19.1 openSUSE 13.2:libgcrypt-devel-debuginfo-1.6.1-8.19.1 openSUSE 13.2:libgcrypt-devel-debuginfo-32bit-1.6.1-8.19.1 openSUSE 13.2:libgcrypt20-1.6.1-8.19.1 openSUSE 13.2:libgcrypt20-32bit-1.6.1-8.19.1 openSUSE 13.2:libgcrypt20-debuginfo-1.6.1-8.19.1 openSUSE 13.2:libgcrypt20-debuginfo-32bit-1.6.1-8.19.1 openSUSE 13.2:libgcrypt20-hmac-1.6.1-8.19.1 openSUSE 13.2:libgcrypt20-hmac-32bit-1.6.1-8.19.1 important 2.5 AV:N/AC:H/Au:N/C:P/I:N/A:N Please Install the update. http://lists.opensuse.org/opensuse-updates/2016-08/msg00126.html https://www.suse.com/security/cve/CVE-2016-6313.html CVE-2016-6313 https://bugzilla.suse.com/994157 SUSE Bug 994157