Description
Security update for libgcrypt
This update of libgcrypt fixes one security issue and brings various FIPS 140-2 related improvements.
libgcrypt now uses ciphertext blinding for Elgamal decryption (CVE-2014-3591)
FIPS 140-2 related changes:
- The library performs its self-tests once the module is complete (the -hmac integrity checksum file is also installed).
- Added a NIST SP 800-90A compliant DRBG.
- Changed DSA key generation to be FIPS 186-4 compliant.
- Changed RSA key generation to be FIPS 186-4 compliant.
- Enabled HW support in FIPS mode (bnc#896435).
- Made the DSA selftest use 2048 bit keys (bnc#898003).
- Added ECDSA selftests and support for them in the CAVS testing framework (bnc#896202).
- Various CAVS testing improvements.
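The DRBG entry above names the construction without showing what a compliant generator has to do. The following HMAC_DRBG over SHA-256 is an added example written for this page, not libgcrypt's implementation: it follows SP 800-90A section 10.1.2 (instantiate, generate, reseed, and the reseed-interval refusal) and is the kind of state machine that the CAVS DRBG tests exercise with known-answer vectors. The entropy and nonce values are constructed inline so the block runs offline; a real instantiation takes them from an approved entropy source.

```python
import hashlib
import hmac


class HmacDrbg:
    """HMAC_DRBG over SHA-256, following NIST SP 800-90A section 10.1.2.

    Added example for this page, not libgcrypt's code.  State is (K, V,
    reseed_counter); each output block is HMAC(K, V), and the Update function
    re-keys from the previous state plus any provided data.
    """

    OUTLEN = 32                  # SHA-256 digest size in bytes
    MIN_ENTROPY = 32             # 256-bit security strength (SP 800-90A table 2)
    RESEED_INTERVAL = 1 << 48    # maximum Generate calls between reseeds
    MAX_REQUEST = 1 << 16        # maximum bytes per Generate call (2**19 bits)

    def __init__(self, entropy, nonce, personalization=b""):
        if len(entropy) < self.MIN_ENTROPY:
            raise ValueError("entropy input is shorter than the security strength")
        # Instantiate (10.1.2.3): K = 0x00..00, V = 0x01..01, then Update(seed_material)
        self.K = b"\x00" * self.OUTLEN
        self.V = b"\x01" * self.OUTLEN
        self._update(entropy + nonce + personalization)
        self.reseed_counter = 1

    def _hmac(self, data):
        return hmac.new(self.K, data, hashlib.sha256).digest()

    def _update(self, provided_data):
        # HMAC_DRBG_Update (10.1.2.2): the 0x00 / 0x01 separators keep the two
        # re-keying rounds from ever feeding HMAC the same input.
        self.K = self._hmac(self.V + b"\x00" + provided_data)
        self.V = self._hmac(self.V)
        if not provided_data:
            return
        self.K = self._hmac(self.V + b"\x01" + provided_data)
        self.V = self._hmac(self.V)

    def reseed(self, entropy, additional_input=b""):
        # Reseed (10.1.2.4): fresh entropy is mixed in and the counter reset.
        if len(entropy) < self.MIN_ENTROPY:
            raise ValueError("entropy input is shorter than the security strength")
        self._update(entropy + additional_input)
        self.reseed_counter = 1

    def generate(self, num_bytes, additional_input=b""):
        # Generate (10.1.2.5).  A compliant DRBG refuses, rather than silently
        # continuing, once the reseed interval is exhausted.
        if num_bytes > self.MAX_REQUEST:
            raise ValueError("request exceeds max_number_of_bits_per_request")
        if self.reseed_counter > self.RESEED_INTERVAL:
            raise RuntimeError("reseed required")
        if additional_input:
            self._update(additional_input)
        out = b""
        while len(out) < num_bytes:
            self.V = self._hmac(self.V)
            out += self.V
        self._update(additional_input)   # re-key after output (backtracking resistance)
        self.reseed_counter += 1
        return out[:num_bytes]


# Constructed seed material for a stand-alone run; not real entropy.
ENTROPY = bytes(range(32))
NONCE = b"\xaa" * 16


def keystream(entropy=ENTROPY, nonce=NONCE, personalization=b"", n=32):
    """Instantiate once and return n bytes; identical seeds give identical bytes,
    which is the property known-answer (CAVS) tests rely on."""
    return HmacDrbg(entropy, nonce, personalization).generate(n)


if __name__ == "__main__":
    print(keystream().hex())
```

Determinism under a fixed seed is what makes the generator testable, and the `reseed required` error is the behaviour a FIPS self-test checks for rather than an inconvenience to be removed.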
Package list
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Software Development Kit 12
References
- Link for SUSE-SU-2015:1179-1
- SUSE Security Ratings
- SUSE Bug 896202
- SUSE Bug 896435
- SUSE Bug 898003
- SUSE Bug 899524
- SUSE Bug 900275
- SUSE Bug 900276
- SUSE Bug 905483
- SUSE Bug 920057
- SUSE Bug 928740
- SUSE Bug 929919
- SUSE CVE CVE-2014-3591 page
Description
Libgcrypt before 1.6.3 and GnuPG before 1.4.19 do not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.
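Ciphertext blinding, in the sense the CVE text and the advisory use it, means the secret exponent is never applied to a base the attacker chose. The block below is an added example written for this page, not libgcrypt's source: it shows the pre-fix shape (secret exponentiation directly on the attacker-supplied c1) next to a blinded decryption. It uses a constructed toy group (p = 2**255 - 19 and g = 2, picked only because p is a known prime and needs no long embedded constant; this is not a standard Elgamal group) and an illustrative blinding that derives the blinding factor from the public key so that unblinding needs no second exponentiation with x. The `trace` parameter is an instrumentation hook added here to show which base actually reaches the secret exponentiation.

```python
import secrets

# Constructed toy parameters for this example only (not a standard Elgamal group).
P = 2**255 - 19
G = 2


def keygen():
    """Return (x, y): private exponent x and public key y = g^x mod p."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def encrypt(y, m):
    """Textbook Elgamal: (a, b) = (g^k, m * y^k) mod p."""
    k = secrets.randbelow(P - 2) + 1
    return pow(G, k, P), (m * pow(y, k, P)) % P


def _check_ciphertext(a, b):
    if not (0 < a < P and 0 < b < P):
        raise ValueError("ciphertext component out of range")


def decrypt_unblinded(x, a, b, trace=None):
    """Pre-fix shape: x is raised directly on the attacker-chosen component a,
    so a crafted a dictates the operands of every multiplication inside the
    exponentiation (the leak CVE-2014-3591 describes).  Kept here as the
    'before' case; do not use."""
    _check_ciphertext(a, b)
    if trace is not None:
        trace.append(a)
    s = pow(a, x, P)                       # a^x, base chosen by the sender
    return (b * pow(s, -1, P)) % P


def decrypt_blinded(x, y, a, b, trace=None):
    """Ciphertext blinding (illustrative technique, not libgcrypt's code).
    Multiply a by a fresh r = g^k before the secret exponentiation.  Since
    r^x = y^k is computable from the PUBLIC key, unblinding costs one public
    exponentiation, and the only base ever raised to x is a*r, which changes
    on every call and is not under the sender's control."""
    _check_ciphertext(a, b)
    k = secrets.randbelow(P - 2) + 1
    r = pow(G, k, P)
    a_blind = (a * r) % P
    if trace is not None:
        trace.append(a_blind)
    s_blind = pow(a_blind, x, P)           # = a^x * y^k mod p
    s = (s_blind * pow(pow(y, k, P), -1, P)) % P   # strip y^k, leaving a^x
    return (b * pow(s, -1, P)) % P


def crafted_base_reaches_secret_exponent(x, y, crafted_a, blinded):
    """Return True if the base handed to pow(., x, P) equals the crafted a."""
    trace = []
    if blinded:
        decrypt_blinded(x, y, crafted_a, 1, trace)
    else:
        decrypt_unblinded(x, crafted_a, 1, trace)
    return trace[0] == crafted_a


if __name__ == "__main__":
    x, y = keygen()
    a, b = encrypt(y, 12345)
    print(decrypt_unblinded(x, a, b), decrypt_blinded(x, y, a, b))
    # A low-weight c1 such as 2 is the kind of crafted input the attack relies on.
    print(crafted_base_reaches_secret_exponent(x, y, 2, blinded=False))   # True
    print(crafted_base_reaches_secret_exponent(x, y, 2, blinded=True))    # False
```

Blinding changes what the attacker can correlate against: the multiplications whose electromagnetic signature is measured now run on a*r with a different r per decryption, so a chosen c1 no longer fixes the operand pattern. It is a mitigation for chosen-ciphertext physical leakage, not a substitute for a constant-time exponentiation. Note also that the version numbers in the CVE text (1.6.3, 1.4.19) are upstream releases; on SUSE Linux Enterprise 12 the fix is backported, so the package changelog, not the upstream version string, is what shows whether CVE-2014-3591 is addressed.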
Affected products
References
- CVE-2014-3591
- SUSE Bug 920057
- SUSE Bug 949135