GLSA-201610-04 : libgcrypt: Multiple vulnerabilities
Medium Nessus Plugin ID 93946
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-201610-04 (libgcrypt: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in libgcrypt. Please review the CVE identifiers referenced below for details.
Side-channel attacks can leak private key information. A separate critical bug allows an attacker who obtains 4640 bits from the RNG to trivially predict the next 160 bits of output.
There is no known workaround at this time.
SolutionAll libgcrypt users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=dev-libs/libgcrypt-1.7.3'