Recommended update for libgcrypt

Announcement ID:	SUSE-RU-2024:2705-1
Rating:	moderate
References:	bsc#1208924 bsc#1208925 bsc#1208926
Affected Products:	Certifications Module 15-SP5 SUSE Linux Enterprise Desktop 15 SP5 SUSE Linux Enterprise High Performance Computing 15 SP5 SUSE Linux Enterprise Real Time 15 SP5 SUSE Linux Enterprise Server 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that has three fixes can now be installed.

Description:

This update for libgcrypt fixes the following issues:

• FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925]
• FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924]
• FIPS: PBKDF2: Added additional checks for the minimum key length, salt length, iteration count and passphrase length to the kdf FIPS indicator in _gcry_fips_indicator_kdf() [bsc#1208926]

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• Certifications Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Certifications-15-SP5-2024-2705=1

Package List:

• Certifications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  • libgcrypt20-hmac-1.9.4-150400.6.8.1
  • libgcrypt20-1.9.4-150400.6.8.1
  • libgcrypt-debugsource-1.9.4-150400.6.8.1
  • libgcrypt20-debuginfo-1.9.4-150400.6.8.1
• Certifications Module 15-SP5 (ppc64le s390x x86_64)
  • libgcrypt-cavs-1.9.4-150400.6.8.1
  • libgcrypt-devel-1.9.4-150400.6.8.1
  • libgcrypt-devel-debuginfo-1.9.4-150400.6.8.1
  • libgcrypt-cavs-debuginfo-1.9.4-150400.6.8.1

References:

• https://bugzilla.suse.com/show_bug.cgi?id=1208924
• https://bugzilla.suse.com/show_bug.cgi?id=1208925
• https://bugzilla.suse.com/show_bug.cgi?id=1208926