UBUNTU-CVE-2016-6313
See a problem?- Source
- https://ubuntu.com/security/notices/UBUNTU-CVE-2016-6313
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-6313.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2016-6313
- Related
- Published
- 2016-08-17T00:00:00Z
- Modified
- 2016-08-17T00:00:00Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.
- References
Affected packages
Ubuntu:14.04:LTS / gnupg
Package
- Name
- gnupg
- Purl
- pkg:deb/ubuntu/gnupg@1.4.16-1ubuntu2.4?arch=src?distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.4.16-1ubuntu2.4
Affected versions
1.*
1.4.14-1ubuntu2
1.4.15-1.1ubuntu1
1.4.15-1.1ubuntu2
1.4.15-2ubuntu1
1.4.16-1ubuntu1
1.4.16-1ubuntu2
1.4.16-1ubuntu2.1
1.4.16-1ubuntu2.3
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "high",
"binaries": [
{
"gnupg-curl": "1.4.16-1ubuntu2.4",
"gnupg-udeb": "1.4.16-1ubuntu2.4",
"gnupg-udeb-dbgsym": "1.4.16-1ubuntu2.4",
"gnupg-dbgsym": "1.4.16-1ubuntu2.4",
"gnupg": "1.4.16-1ubuntu2.4",
"gpgv": "1.4.16-1ubuntu2.4",
"gnupg-curl-dbgsym": "1.4.16-1ubuntu2.4",
"gpgv-udeb-dbgsym": "1.4.16-1ubuntu2.4",
"gpgv-dbgsym": "1.4.16-1ubuntu2.4",
"gpgv-udeb": "1.4.16-1ubuntu2.4"
}
]
}
Ubuntu:14.04:LTS / libgcrypt11
Package
- Name
- libgcrypt11
- Purl
- pkg:deb/ubuntu/libgcrypt11@1.5.3-2ubuntu4.4?arch=src?distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.5.3-2ubuntu4.4
Affected versions
1.*
1.5.0-3ubuntu3
1.5.3-2ubuntu1
1.5.3-2ubuntu4
1.5.3-2ubuntu4.1
1.5.3-2ubuntu4.2
1.5.3-2ubuntu4.3
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "high",
"binaries": [
{
"libgcrypt11-dbg": "1.5.3-2ubuntu4.4",
"libgcrypt11-udeb-dbgsym": "1.5.3-2ubuntu4.4",
"libgcrypt11-dbgsym": "1.5.3-2ubuntu4.4",
"libgcrypt11-doc": "1.5.3-2ubuntu4.4",
"libgcrypt11-dev": "1.5.3-2ubuntu4.4",
"libgcrypt11-udeb": "1.5.3-2ubuntu4.4",
"libgcrypt11-dev-dbgsym": "1.5.3-2ubuntu4.4",
"libgcrypt11": "1.5.3-2ubuntu4.4"
}
]
}
Ubuntu:16.04:LTS / gnupg
Package
- Name
- gnupg
- Purl
- pkg:deb/ubuntu/gnupg@1.4.20-1ubuntu3.1?arch=src?distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.4.20-1ubuntu3.1
Affected versions
1.*
1.4.18-7ubuntu1
1.4.19-6ubuntu1
1.4.20-1ubuntu1
1.4.20-1ubuntu2
1.4.20-1ubuntu3
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "high",
"binaries": [
{
"gnupg-curl": "1.4.20-1ubuntu3.1",
"gpgv-dbgsym": "1.4.20-1ubuntu3.1",
"gnupg-dbgsym": "1.4.20-1ubuntu3.1",
"gnupg": "1.4.20-1ubuntu3.1",
"gpgv": "1.4.20-1ubuntu3.1",
"gnupg-curl-dbgsym": "1.4.20-1ubuntu3.1",
"gpgv-udeb-dbgsym": "1.4.20-1ubuntu3.1",
"gnupg-dbg": "1.4.20-1ubuntu3.1",
"gpgv-udeb": "1.4.20-1ubuntu3.1"
}
]
}
Ubuntu:16.04:LTS / libgcrypt20
Package
- Name
- libgcrypt20
- Purl
- pkg:deb/ubuntu/libgcrypt20@1.6.5-2ubuntu0.2?arch=src?distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.6.5-2ubuntu0.2
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "high",
"binaries": [
{
"libgcrypt20-udeb-dbgsym": "1.6.5-2ubuntu0.2",
"libgcrypt20-doc": "1.6.5-2ubuntu0.2",
"libgcrypt20": "1.6.5-2ubuntu0.2",
"libgcrypt20-dev": "1.6.5-2ubuntu0.2",
"libgcrypt11-dev": "1.5.4-3+really1.6.5-2ubuntu0.2",
"libgcrypt20-dev-dbgsym": "1.6.5-2ubuntu0.2",
"libgcrypt20-dbgsym": "1.6.5-2ubuntu0.2",
"libgcrypt20-udeb": "1.6.5-2ubuntu0.2"
}
]
}