Main Vulnerability Database SB2016081810

SB2016081810 - Ubuntu update for Libgcrypt

Published: August 18, 2016

Security Bulletin ID SB2016081810

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Libgcrypt weak encryption (CVE-ID: CVE-2016-6313)

The vulnerability allows a local user to decrypt data.

The vulnerability exists in the Libgcrypt library due to weak implementation of random number generator. A local user, who can obtain 4640 bits from random generator, can predict the next 160 bits of output.

Successful exploitation of this vulnerability may result in generation of weak encryption keys and may lead to sensitive information disclosure.

Remediation

Install update from vendor's website.

References

http://www.ubuntu.com/usn/usn-3065-1/