openSUSE-FU-2026:20562-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-FU-2026:20562-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-FU-2026:20562-1
Upstream
Related
Published
2026-04-17T10:37:59Z
Modified
2026-04-22T18:25:31.235033Z
Summary
Feature update for libgcrypt, libgpg-error
Details

This update for libgcrypt, libgpg-error fixes the following issues:

Update libgcrypt to 1.12.1 (jsc#PED-15059):

  • New and extended interfaces:

    • Allow access to the FIPS service indicator via the new GCRYCTLFIPSSERVICE_INDICATOR control code.
    • Make SHA-1 non-FIPS internally for the 1.12 API
    • Add Dilithium (ML-DSA) support
    • Support optional random-override and support byte string data

  • Bug fixes:

    • Use secure MPI in gcrympiassignlimb_space.
    • Use CSIDLCOMMONAPPDATA instead of /etc on Windows.
    • Apply a Kyber patch from upstream.
    • Fix an edge case in Jent initialization.
    • mceliece6688128f: Fix stack overflow crash on win64/wine
    • Performance:
    • Many performance improvements, new AVX512 implementations for modern CPUs.
    • Add RISC-V Zbb+Zbc implementation of CRC.
    • Add RISC-V vector cryptography implementation of GHASH, AES, SHA256 and SHA512
    • Add AVX2 and AVX512 code paths to improve CRC.

For a full changelog, see: https://dev.gnupg.org/source/libgcrypt/history/master/;libgcrypt-1.12.0

Update libgpg-error to 1.58:

  • New src/gpg-error.c (main): New command "fconcat".
  • Rename src/spawn-posix.c (struct gpgrtspawnactions): Rename the field to ENVP.
  • argparse: Use SYSCONFDIR for /etc.
  • Update translations for Portugese, German
  • src/estream.c (parse_mode): Fix parsing of "share". Set sysopen flag.
  • syscfg: Add 64-bit Android arch.
References

Affected packages

openSUSE:Leap 16.0 / libgcrypt

Package

Name
libgcrypt
Purl
pkg:rpm/opensuse/libgcrypt&distro=openSUSE%20Leap%2016.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.12.1-160000.1.1

Ecosystem specific 

{
    "binaries": [
        {
            "libgcrypt-devel-x86-64-v3": "1.12.1-160000.1.1",
            "libgpg-error0": "1.58-160000.1.1",
            "libgcrypt20-x86-64-v3": "1.12.1-160000.1.1",
            "libgcrypt20": "1.12.1-160000.1.1",
            "libgpg-error-devel": "1.58-160000.1.1",
            "libgcrypt-devel": "1.12.1-160000.1.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/openSUSE-FU-2026:20562-1.json"

openSUSE:Leap 16.0 / libgpg-error

Package

Name
libgpg-error
Purl
pkg:rpm/opensuse/libgpg-error&distro=openSUSE%20Leap%2016.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.58-160000.1.1

Ecosystem specific 

{
    "binaries": [
        {
            "libgcrypt-devel-x86-64-v3": "1.12.1-160000.1.1",
            "libgpg-error0": "1.58-160000.1.1",
            "libgcrypt20-x86-64-v3": "1.12.1-160000.1.1",
            "libgcrypt20": "1.12.1-160000.1.1",
            "libgpg-error-devel": "1.58-160000.1.1",
            "libgcrypt-devel": "1.12.1-160000.1.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/openSUSE-FU-2026:20562-1.json"