Описание
Security update for libgcrypt
This update fixes the following issues:
Security:
- Fixed data-dependent timing variations in modular exponentiation [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks are Practical] (bsc#920057)
Bugfixes:
- don't drop privileges when locking secure memory (bsc#938343)
Список пакетов
SUSE Linux Enterprise Desktop 12
libgcrypt20-1.6.1-16.1
libgcrypt20-32bit-1.6.1-16.1
SUSE Linux Enterprise Server 12
libgcrypt20-1.6.1-16.1
libgcrypt20-32bit-1.6.1-16.1
libgcrypt20-hmac-1.6.1-16.1
libgcrypt20-hmac-32bit-1.6.1-16.1
SUSE Linux Enterprise Server for SAP Applications 12
libgcrypt20-1.6.1-16.1
libgcrypt20-32bit-1.6.1-16.1
libgcrypt20-hmac-1.6.1-16.1
libgcrypt20-hmac-32bit-1.6.1-16.1
SUSE Linux Enterprise Software Development Kit 12
libgcrypt-devel-1.6.1-16.1
Ссылки
- Link for SUSE-SU-2015:1511-1
- E-Mail link for SUSE-SU-2015:1511-1
- SUSE Security Ratings
- SUSE Bug 920057
- SUSE Bug 938343
- SUSE CVE CVE-2015-0837 page
Описание
The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."
Затронутые продукты
SUSE Linux Enterprise Desktop 12:libgcrypt20-1.6.1-16.1
SUSE Linux Enterprise Desktop 12:libgcrypt20-32bit-1.6.1-16.1
SUSE Linux Enterprise Server 12:libgcrypt20-1.6.1-16.1
SUSE Linux Enterprise Server 12:libgcrypt20-32bit-1.6.1-16.1
Ссылки
- CVE-2015-0837
- SUSE Bug 920057