rpm package
suse/libgcrypt&distro=SUSE Linux Enterprise Software Development Kit 12 SP1
pkg:rpm/suse/libgcrypt&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-6313 | Med | 5.3 | < 1.6.1-16.33.1 | 1.6.1-16.33.1 | Dec 13, 2016 | The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits. | |
| CVE-2015-7511 | Low | 2.0 | < 1.6.1-16.27.1 | 1.6.1-16.27.1 | Apr 19, 2016 | Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations. |
- affected < 1.6.1-16.33.1fixed 1.6.1-16.33.1
The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.
- affected < 1.6.1-16.27.1fixed 1.6.1-16.27.1
Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations.