Описание
Security update for libgcrypt
This update fixes the following issues:
- Use ciphertext blinding for Elgamal decryption [CVE-2014-3591]. See http://www.cs.tau.ac.il/~tromer/radioexp/ for details. (bsc#920057)
- Fixed data-dependent timing variations in modular exponentiation [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks are Practical]
Список пакетов
SUSE Linux Enterprise Desktop 11 SP3
libgcrypt11-1.5.0-0.19.1
libgcrypt11-32bit-1.5.0-0.19.1
SUSE Linux Enterprise Desktop 11 SP4
libgcrypt11-1.5.0-0.19.1
libgcrypt11-32bit-1.5.0-0.19.1
SUSE Linux Enterprise Server 11 SP3
libgcrypt11-1.5.0-0.19.1
libgcrypt11-32bit-1.5.0-0.19.1
libgcrypt11-x86-1.5.0-0.19.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
libgcrypt11-1.5.0-0.19.1
libgcrypt11-32bit-1.5.0-0.19.1
libgcrypt11-x86-1.5.0-0.19.1
SUSE Linux Enterprise Server 11 SP4
libgcrypt11-1.5.0-0.19.1
libgcrypt11-32bit-1.5.0-0.19.1
libgcrypt11-x86-1.5.0-0.19.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3
libgcrypt11-1.5.0-0.19.1
libgcrypt11-32bit-1.5.0-0.19.1
libgcrypt11-x86-1.5.0-0.19.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
libgcrypt11-1.5.0-0.19.1
libgcrypt11-32bit-1.5.0-0.19.1
libgcrypt11-x86-1.5.0-0.19.1
SUSE Linux Enterprise Software Development Kit 11 SP3
libgcrypt-devel-1.5.0-0.19.1
libgcrypt-devel-32bit-1.5.0-0.19.1
SUSE Linux Enterprise Software Development Kit 11 SP4
libgcrypt-devel-1.5.0-0.19.1
libgcrypt-devel-32bit-1.5.0-0.19.1
Ссылки
- Link for SUSE-SU-2015:1626-1
- E-Mail link for SUSE-SU-2015:1626-1
- SUSE Security Ratings
- SUSE Bug 920057
- SUSE CVE CVE-2014-3591 page
- SUSE CVE CVE-2015-0837 page
Описание
Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.
Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:libgcrypt11-1.5.0-0.19.1
SUSE Linux Enterprise Desktop 11 SP3:libgcrypt11-32bit-1.5.0-0.19.1
SUSE Linux Enterprise Desktop 11 SP4:libgcrypt11-1.5.0-0.19.1
SUSE Linux Enterprise Desktop 11 SP4:libgcrypt11-32bit-1.5.0-0.19.1
Ссылки
- CVE-2014-3591
- SUSE Bug 920057
- SUSE Bug 949135
Описание
The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."
Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:libgcrypt11-1.5.0-0.19.1
SUSE Linux Enterprise Desktop 11 SP3:libgcrypt11-32bit-1.5.0-0.19.1
SUSE Linux Enterprise Desktop 11 SP4:libgcrypt11-1.5.0-0.19.1
SUSE Linux Enterprise Desktop 11 SP4:libgcrypt11-32bit-1.5.0-0.19.1
Ссылки
- CVE-2015-0837
- SUSE Bug 920057