PaulHowarth/Blog/2016-08-21

Sunday 21st August 2016

Local Packages

  • Updated libgcrypt to 1.6.6:

    • Fix critical security bug in the RNG (CVE-2016-6313); an attacker who obtains 580 bytes from the standard RNG can trivially predict the next 20 bytes of output

  • Updated libgcrypt (1.5) to 1.5.6:

    • Improved performance of RSA, DSA, and Elgamal by using a new exponentiation algorithm (CVE-2014-5270)

    • Fixed a subtle bug in mpi_set_bit that could set spurious bits

    • Fixed a bug in an internal division function
    • Mitigate chosen cipher text attacks on ECDH with Weierstrass curves (CVE-2015-7511)

    • Use ciphertext blinding for Elgamal decryption (CVE-2014-3591)

    • Fix critical security bug in the RNG (CVE-2016-6313); an attacker who obtains 580 bytes from the standard RNG can trivially predict the next 20 bytes of output

  • Updated perl-Email-Address (1.908), perl-Env-Sanctify (1.12) and perl-Error (0.17024) to build-require perl-generators for proper dependency generation

  • Updated perl-Module-CoreList to 5.20160820:

    • Updated for v5.25.4


Recent