SUSE-SU-2015:1179-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:1179-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2015:1179-1
- Related
- Published
- 2015-06-11T13:44:58Z
- Modified
- 2015-06-11T13:44:58Z
- Summary
- Security update for libgcrypt
- Details
-
This update of libgcrypt fixes one security issue and brings various FIPS 140-2 related improvements.
libgcrypt now uses ciphertext blinding for Elgamal decryption (CVE-2014-3591)
FIPS 140-2 related changes: * The library performs its self-tests when the module is complete (the -hmac file is also installed).
Added a NIST 800-90a compliant DRBG.
Change DSA key generation to be FIPS 186-4 compliant.
Change RSA key generation to be FIPS 186-4 compliant.
Enable HW support in fips mode (bnc#896435)
Make DSA selftest use 2048 bit keys (bnc#898003)
Added ECDSA selftests and add support for it to the CAVS testing framework (bnc#896202)
Various CAVS testing improvements.
- References
-
- https://www.suse.com/support/update/announcement/2015/suse-su-20151179-1/
- https://bugzilla.suse.com/896202
- https://bugzilla.suse.com/896435
- https://bugzilla.suse.com/898003
- https://bugzilla.suse.com/899524
- https://bugzilla.suse.com/900275
- https://bugzilla.suse.com/900276
- https://bugzilla.suse.com/905483
- https://bugzilla.suse.com/920057
- https://bugzilla.suse.com/928740
- https://bugzilla.suse.com/929919
- https://www.suse.com/security/cve/CVE-2014-3591
Affected packages
SUSE:Linux Enterprise Desktop 12 / libgcrypt
Package
- Name
- libgcrypt
- Purl
- purl:rpm/suse/libgcrypt&distro=SUSE%20Linux%20Enterprise%20Desktop%2012
SUSE:Linux Enterprise Software Development Kit 12 / libgcrypt
Package
- Name
- libgcrypt
- Purl
- purl:rpm/suse/libgcrypt&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012
SUSE:Linux Enterprise Server 12 / libgcrypt
Package
- Name
- libgcrypt
- Purl
- purl:rpm/suse/libgcrypt&distro=SUSE%20Linux%20Enterprise%20Server%2012