Feature update for libgcrypt, libgpg-error

Announcement ID:	SUSE-FU-2026:21213-1
Release Date:	2026-04-17T10:37:59Z
Rating:	moderate
References:	jsc#PED-15059 jsc#PED-15907
Cross-References:	CVE-2024-2236
CVSS scores:	CVE-2024-2236 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2024-2236 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:	SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Server for SAP applications 16.0

An update that solves one vulnerability and contains two features can now be installed.

Description:

This update for libgcrypt, libgpg-error fixes the following issues:

Update libgcrypt to 1.12.1 (jsc#PED-15059):

• New and extended interfaces:
• Allow access to the FIPS service indicator via the new GCRYCTL_FIPS_SERVICE_INDICATOR control code.
• Make SHA-1 non-FIPS internally for the 1.12 API
• Add Dilithium (ML-DSA) support

• Support optional random-override and support byte string data

• Bug fixes:

• Use secure MPI in _gcry_mpi_assign_limb_space.
• Use CSIDL_COMMON_APPDATA instead of /etc on Windows.
• Apply a Kyber patch from upstream.
• Fix an edge case in Jent initialization.
• mceliece6688128f: Fix stack overflow crash on win64/wine
• Performance:
• Many performance improvements, new AVX512 implementations for modern CPUs.
• Add RISC-V Zbb+Zbc implementation of CRC.
• Add RISC-V vector cryptography implementation of GHASH, AES, SHA256 and SHA512
• Add AVX2 and AVX512 code paths to improve CRC.

For a full changelog, see: https://dev.gnupg.org/source/libgcrypt/history/master/;libgcrypt-1.12.0

Update libgpg-error to 1.58:

• New src/gpg-error.c (main): New command "fconcat".
• Rename src/spawn-posix.c (struct gpgrt_spawn_actions): Rename the field to ENVP.
• argparse: Use SYSCONFDIR for /etc.
• Update translations for Portugese, German
• src/estream.c (parse_mode): Fix parsing of "share". Set sysopen flag.
• syscfg: Add 64-bit Android arch.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Server for SAP applications 16.0
  zypper in -t patch SUSE-SLES-16.0-585=1
• SUSE Linux Enterprise Server 16.0
  zypper in -t patch SUSE-SLES-16.0-585=1

Package List:

• SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
  • libgpg-error-devel-debuginfo-1.58-160000.1.1
  • libgpg-error-debugsource-1.58-160000.1.1
  • libgpg-error0-1.58-160000.1.1
  • libgcrypt-debugsource-1.12.1-160000.1.1
  • libgpg-error-devel-1.58-160000.1.1
  • libgcrypt20-1.12.1-160000.1.1
  • libgcrypt-devel-1.12.1-160000.1.1
  • libgcrypt-devel-debuginfo-1.12.1-160000.1.1
  • libgcrypt20-debuginfo-1.12.1-160000.1.1
  • libgpg-error0-debuginfo-1.58-160000.1.1
• SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64)
  • libgcrypt20-x86-64-v3-debuginfo-1.12.1-160000.1.1
  • libgcrypt-devel-x86-64-v3-1.12.1-160000.1.1
  • libgcrypt20-x86-64-v3-1.12.1-160000.1.1
• SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
  • libgpg-error-devel-debuginfo-1.58-160000.1.1
  • libgpg-error-debugsource-1.58-160000.1.1
  • libgpg-error0-1.58-160000.1.1
  • libgcrypt-debugsource-1.12.1-160000.1.1
  • libgpg-error-devel-1.58-160000.1.1
  • libgcrypt20-1.12.1-160000.1.1
  • libgcrypt-devel-1.12.1-160000.1.1
  • libgcrypt-devel-debuginfo-1.12.1-160000.1.1
  • libgcrypt20-debuginfo-1.12.1-160000.1.1
  • libgpg-error0-debuginfo-1.58-160000.1.1
• SUSE Linux Enterprise Server 16.0 (x86_64)
  • libgcrypt20-x86-64-v3-debuginfo-1.12.1-160000.1.1
  • libgcrypt-devel-x86-64-v3-1.12.1-160000.1.1
  • libgcrypt20-x86-64-v3-1.12.1-160000.1.1

References:

• https://www.suse.com/security/cve/CVE-2024-2236.html
• https://jira.suse.com/browse/PED-15059
• https://jira.suse.com/browse/PED-15907