You are here
Home > Preporuke > Sigurnosni nedostatak programskih biblioteka libgcrypt11 i libgcrypt20

Sigurnosni nedostatak programskih biblioteka libgcrypt11 i libgcrypt20

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3065-1
August 18, 2016

libgcrypt11, libgcrypt20 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS

Summary:

Libgcrypt incorrectly generated random numbers.

Software Description:
– libgcrypt20: LGPL Crypto library
– libgcrypt11: LGPL Crypto library

Details:

Felix Dörre and Vladimir Klebanov discovered that Libgcrypt incorrectly
handled mixing functions in the random number generator. An attacker able
to obtain 4640 bits from the RNG can trivially predict the next 160 bits of
output.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
libgcrypt20 1.6.5-2ubuntu0.2

Ubuntu 14.04 LTS:
libgcrypt11 1.5.3-2ubuntu4.4

Ubuntu 12.04 LTS:
libgcrypt11 1.5.0-3ubuntu0.6

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-3065-1
CVE-2016-6313

Package Information:
https://launchpad.net/ubuntu/+source/libgcrypt20/1.6.5-2ubuntu0.2
https://launchpad.net/ubuntu/+source/libgcrypt11/1.5.3-2ubuntu4.4
https://launchpad.net/ubuntu/+source/libgcrypt11/1.5.0-3ubuntu0.6

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAEBCgAGBQJXtgnvAAoJEGVp2FWnRL6TBQ8P/RzR9Uf1O5gSo8S5vKZ2wJir
cdFM+4bZK8Wx6nCET5gcrgaWXHlfeJAt9iAkZjVtt0XSVKuHJeuRWPHTHBZ1N9tu
B+5I32pOmpcjgQIp0CIjT/OnDi3O8+wz0Q3/piy277SOtdMew5PlpdOsc7BrsC9d
Gqf9btOp1zqHI3cx461vsjXjN5coYqhdPXKfEcVM1oGZRqV/rdwb+bQnfH0MxPIv
sZW5ApOnHAtT/vDzPz+n/D1m51PdtDsbnFyvCDUHfAVPhK3Gt02xYZtzjuu3s3F9
Dp5l1RkOW385jj0/ALD4VCmTYfmLk8QtDMh0oCs5qawtogC9ComB+jS0OJfbZ4uL
s7Y9o/E/lo20fLHM7MgKukqxymQXy3G7SM4E6SYmfiZghi6RE2T0tLon12CJf0EF
cPGuYOqTGHnq0gyGjGJqKipcmMSOd2/nPLfh3nW2vbCY09HCDWrM/zU3/PCb3boh
Mcdyo7qbQSgNeiZf32taIBkoCjdTfyvyWciJsLNh/qu0eYlUI9JA31x5ajMET9t8
/aTMl0bwHLYpmFg9TbMgA16cyxJpiOviCV1cqBOKmynx+aDDY29z8GH3ksbseC7p
lI8OY8zlSMUQPnCpoKOWG8AJ1s4GzjFh50xjFwR8CYB0xSr+nYc9PuCqtMVn6bOk
yzUv5lJl0gGv/w6mGtbd
=A2cO
—–END PGP SIGNATURE—–

AutorTomislav Protega
Cert idNCERT-REF-2016-08-0127-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa python

Otkriveni su sigurnosni nedostaci u programskim paketima rh-python34-python python27-python python33-python rh-python35-python i python za Red Hat. Otkriveni nedostaci potencijalnim napadačima...

Close