Security update for libgcrypt

SUSE Security Update: Security update for libgcrypt
Announcement ID: SUSE-SU-2019:3392-1
Rating: moderate
References: #1148987 #1155338 #1155339
Cross-References:CVE-2019-13627
Affected Products:
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
  • SUSE Linux Enterprise Module for Basesystem 15-SP1

An update that solves one vulnerability and has two fixes is now available.

Description:

This update for libgcrypt fixes the following issues:
Security issues fixed:

  • CVE-2019-13627: Mitigation against an ECDSA timing attack (bsc#1148987).

Bug fixes:
  • Added CMAC AES self test (bsc#1155339).
  • Added CMAC TDES self test missing (bsc#1155338).
  • Fix test dsa-rfc6979 in FIPS mode.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-3392=1
  • SUSE Linux Enterprise Module for Basesystem 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-3392=1

Package List:

  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (aarch64 ppc64le s390x x86_64):
    • libgcrypt-cavs-1.8.2-8.12.1
    • libgcrypt-cavs-debuginfo-1.8.2-8.12.1
    • libgcrypt-debugsource-1.8.2-8.12.1
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64):
    • libgcrypt-devel-32bit-1.8.2-8.12.1
    • libgcrypt-devel-32bit-debuginfo-1.8.2-8.12.1
  • SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
    • libgcrypt-debugsource-1.8.2-8.12.1
    • libgcrypt-devel-1.8.2-8.12.1
    • libgcrypt-devel-debuginfo-1.8.2-8.12.1
    • libgcrypt20-1.8.2-8.12.1
    • libgcrypt20-debuginfo-1.8.2-8.12.1
    • libgcrypt20-hmac-1.8.2-8.12.1
  • SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64):
    • libgcrypt20-32bit-1.8.2-8.12.1
    • libgcrypt20-32bit-debuginfo-1.8.2-8.12.1
    • libgcrypt20-hmac-32bit-1.8.2-8.12.1

References: