Upstream information

CVE-2015-5738 at MITRE

Description

The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack.

SUSE information

Overall state of this security issue: Pending

This issue is currently rated as having important severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 7.8
Vector AV:N/AC:L/Au:N/C:C/I:N/A:N
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Complete
Integrity Impact None
Availability Impact None
SUSE Bugzilla entries: 944456 [RESOLVED], 944835, 944836 [CONFIRMED]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Module for Basesystem 15
  • libgcrypt-devel >= 1.8.2-4.5
  • libgcrypt20 >= 1.8.2-4.5
  • libgcrypt20-32bit >= 1.8.2-4.5
  • libgcrypt20-hmac >= 1.8.2-4.5
  • libgcrypt20-hmac-32bit >= 1.8.2-4.5
Patchnames:
SUSE Linux Enterprise Module for Basesystem 15 GA libgcrypt-devel
openSUSE 13.1
  • libgcrypt >= 1.5.4-2.12.1
  • libgcrypt-debugsource >= 1.5.4-2.12.1
  • libgcrypt-devel >= 1.5.4-2.12.1
  • libgcrypt-devel-32bit >= 1.5.4-2.12.1
  • libgcrypt-devel-debuginfo >= 1.5.4-2.12.1
  • libgcrypt-devel-debuginfo-32bit >= 1.5.4-2.12.1
  • libgcrypt11 >= 1.5.4-2.12.1
  • libgcrypt11-32bit >= 1.5.4-2.12.1
  • libgcrypt11-debuginfo >= 1.5.4-2.12.1
  • libgcrypt11-debuginfo-32bit >= 1.5.4-2.12.1
Patchnames:
openSUSE-2015-597
openSUSE Leap 15.0
  • libgcrypt20 >= 1.8.2-lp150.4.2
  • libgcrypt20-32bit >= 1.8.2-lp150.4.2
Patchnames:
openSUSE Leap 15.0 GA libgcrypt20
openSUSE Tumbleweed
  • libgcrypt-cavs >= 1.7.3-1.3
  • libgcrypt-devel >= 1.7.3-1.3
  • libgcrypt-devel-32bit >= 1.7.3-1.3
  • libgcrypt20 >= 1.7.3-1.3
  • libgcrypt20-32bit >= 1.7.3-1.3
  • libgcrypt20-hmac >= 1.7.3-1.3
  • libgcrypt20-hmac-32bit >= 1.7.3-1.3
Patchnames:
openSUSE Tumbleweed GA libgcrypt-cavs