SUSE-SU-2019:2510-1

Опубликовано: 01 окт. 2019

Источник: suse-cvrf

Описание

Security update for libgcrypt

This update for libgcrypt fixes the following issues:

Security issues fixed:

CVE-2019-13627: Mitigated ECDSA timing attack. (bsc#1148987)

Список пакетов

Container caasp/v4/nginx-ingress-controller:beta1

libgcrypt20-1.6.1-16.68.1

Container suse/ltss/sle12.5/sles12sp5:latest

libgcrypt20-1.6.1-16.68.1

Container suse/sles12sp3:latest

libgcrypt20-1.6.1-16.68.1

Container suse/sles12sp4:latest

libgcrypt20-1.6.1-16.68.1

Container suse/sles12sp5:latest

libgcrypt20-1.6.1-16.68.1

libgcrypt20-hmac-1.6.1-16.68.1

HPE Helion OpenStack 8

libgcrypt20-1.6.1-16.68.1

libgcrypt20-32bit-1.6.1-16.68.1

libgcrypt20-hmac-1.6.1-16.68.1

libgcrypt20-hmac-32bit-1.6.1-16.68.1

Image SLES12-SP4-Azure-BYOS

libgcrypt20-1.6.1-16.68.1

Image SLES12-SP4-EC2-HVM-BYOS

libgcrypt20-1.6.1-16.68.1

Image SLES12-SP4-GCE-BYOS

libgcrypt20-1.6.1-16.68.1

Image SLES12-SP4-OCI-BYOS

libgcrypt20-1.6.1-16.68.1

Image SLES12-SP4-SAP-Azure

libgcrypt20-1.6.1-16.68.1

Image SLES12-SP4-SAP-Azure-BYOS

libgcrypt20-1.6.1-16.68.1

Image SLES12-SP4-SAP-Azure-LI-BYOS-Production

libgcrypt20-1.6.1-16.68.1

Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production

libgcrypt20-1.6.1-16.68.1

Image SLES12-SP4-SAP-EC2-HVM

libgcrypt20-1.6.1-16.68.1

Image SLES12-SP4-SAP-EC2-HVM-BYOS

libgcrypt20-1.6.1-16.68.1

Image SLES12-SP4-SAP-GCE

libgcrypt20-1.6.1-16.68.1

Image SLES12-SP4-SAP-GCE-BYOS

libgcrypt20-1.6.1-16.68.1

Image SLES12-SP4-SAP-OCI-BYOS

libgcrypt20-1.6.1-16.68.1

Image SLES12-SP5-Azure-BYOS

libgcrypt20-1.6.1-16.68.1

Image SLES12-SP5-Azure-Basic-On-Demand

libgcrypt20-1.6.1-16.68.1

Image SLES12-SP5-Azure-HPC-BYOS

libgcrypt20-1.6.1-16.68.1

Image SLES12-SP5-Azure-HPC-On-Demand

libgcrypt20-1.6.1-16.68.1

Image SLES12-SP5-Azure-SAP-BYOS

libgcrypt20-1.6.1-16.68.1

Image SLES12-SP5-Azure-SAP-On-Demand

libgcrypt20-1.6.1-16.68.1

Image SLES12-SP5-Azure-Standard-On-Demand

libgcrypt20-1.6.1-16.68.1

Image SLES12-SP5-EC2-BYOS

libgcrypt20-1.6.1-16.68.1

Image SLES12-SP5-EC2-ECS-On-Demand

libgcrypt20-1.6.1-16.68.1

Image SLES12-SP5-EC2-On-Demand

libgcrypt20-1.6.1-16.68.1

Image SLES12-SP5-EC2-SAP-BYOS

libgcrypt20-1.6.1-16.68.1

Image SLES12-SP5-EC2-SAP-On-Demand

libgcrypt20-1.6.1-16.68.1

Image SLES12-SP5-GCE-BYOS

libgcrypt20-1.6.1-16.68.1

Image SLES12-SP5-GCE-On-Demand

libgcrypt20-1.6.1-16.68.1

Image SLES12-SP5-GCE-SAP-BYOS

libgcrypt20-1.6.1-16.68.1

Image SLES12-SP5-GCE-SAP-On-Demand

libgcrypt20-1.6.1-16.68.1

Image SLES12-SP5-OCI-BYOS-BYOS

libgcrypt20-1.6.1-16.68.1

Image SLES12-SP5-OCI-BYOS-SAP-BYOS

libgcrypt20-1.6.1-16.68.1

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

libgcrypt20-1.6.1-16.68.1

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

libgcrypt20-1.6.1-16.68.1

SUSE Enterprise Storage 4

libgcrypt20-1.6.1-16.68.1

libgcrypt20-32bit-1.6.1-16.68.1

libgcrypt20-hmac-1.6.1-16.68.1

libgcrypt20-hmac-32bit-1.6.1-16.68.1

SUSE Enterprise Storage 5

libgcrypt20-1.6.1-16.68.1

libgcrypt20-32bit-1.6.1-16.68.1

libgcrypt20-hmac-1.6.1-16.68.1

libgcrypt20-hmac-32bit-1.6.1-16.68.1

SUSE Linux Enterprise Desktop 12 SP4

libgcrypt20-1.6.1-16.68.1

libgcrypt20-32bit-1.6.1-16.68.1

SUSE Linux Enterprise Server 12 SP1-LTSS

libgcrypt20-1.6.1-16.68.1

libgcrypt20-32bit-1.6.1-16.68.1

libgcrypt20-hmac-1.6.1-16.68.1

libgcrypt20-hmac-32bit-1.6.1-16.68.1

SUSE Linux Enterprise Server 12 SP2-BCL

libgcrypt20-1.6.1-16.68.1

libgcrypt20-32bit-1.6.1-16.68.1

libgcrypt20-hmac-1.6.1-16.68.1

libgcrypt20-hmac-32bit-1.6.1-16.68.1

SUSE Linux Enterprise Server 12 SP2-LTSS

libgcrypt20-1.6.1-16.68.1

libgcrypt20-32bit-1.6.1-16.68.1

libgcrypt20-hmac-1.6.1-16.68.1

libgcrypt20-hmac-32bit-1.6.1-16.68.1

SUSE Linux Enterprise Server 12 SP3-BCL

libgcrypt20-1.6.1-16.68.1

libgcrypt20-32bit-1.6.1-16.68.1

libgcrypt20-hmac-1.6.1-16.68.1

libgcrypt20-hmac-32bit-1.6.1-16.68.1

SUSE Linux Enterprise Server 12 SP3-LTSS

libgcrypt20-1.6.1-16.68.1

libgcrypt20-32bit-1.6.1-16.68.1

libgcrypt20-hmac-1.6.1-16.68.1

libgcrypt20-hmac-32bit-1.6.1-16.68.1

SUSE Linux Enterprise Server 12 SP4

libgcrypt20-1.6.1-16.68.1

libgcrypt20-32bit-1.6.1-16.68.1

libgcrypt20-hmac-1.6.1-16.68.1

libgcrypt20-hmac-32bit-1.6.1-16.68.1

SUSE Linux Enterprise Server 12 SP5

libgcrypt20-1.6.1-16.68.1

libgcrypt20-32bit-1.6.1-16.68.1

libgcrypt20-hmac-1.6.1-16.68.1

libgcrypt20-hmac-32bit-1.6.1-16.68.1

SUSE Linux Enterprise Server for SAP Applications 12 SP1

libgcrypt20-1.6.1-16.68.1

libgcrypt20-32bit-1.6.1-16.68.1

libgcrypt20-hmac-1.6.1-16.68.1

libgcrypt20-hmac-32bit-1.6.1-16.68.1

SUSE Linux Enterprise Server for SAP Applications 12 SP2

libgcrypt20-1.6.1-16.68.1

libgcrypt20-32bit-1.6.1-16.68.1

libgcrypt20-hmac-1.6.1-16.68.1

libgcrypt20-hmac-32bit-1.6.1-16.68.1

SUSE Linux Enterprise Server for SAP Applications 12 SP3

libgcrypt20-1.6.1-16.68.1

libgcrypt20-32bit-1.6.1-16.68.1

libgcrypt20-hmac-1.6.1-16.68.1

libgcrypt20-hmac-32bit-1.6.1-16.68.1

SUSE Linux Enterprise Server for SAP Applications 12 SP4

libgcrypt20-1.6.1-16.68.1

libgcrypt20-32bit-1.6.1-16.68.1

libgcrypt20-hmac-1.6.1-16.68.1

libgcrypt20-hmac-32bit-1.6.1-16.68.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

libgcrypt20-1.6.1-16.68.1

libgcrypt20-32bit-1.6.1-16.68.1

libgcrypt20-hmac-1.6.1-16.68.1

libgcrypt20-hmac-32bit-1.6.1-16.68.1

SUSE Linux Enterprise Software Development Kit 12 SP4

libgcrypt-devel-1.6.1-16.68.1

SUSE Linux Enterprise Software Development Kit 12 SP5

libgcrypt-devel-1.6.1-16.68.1

SUSE OpenStack Cloud 7

libgcrypt20-1.6.1-16.68.1

libgcrypt20-32bit-1.6.1-16.68.1

libgcrypt20-hmac-1.6.1-16.68.1

libgcrypt20-hmac-32bit-1.6.1-16.68.1

SUSE OpenStack Cloud 8

libgcrypt20-1.6.1-16.68.1

libgcrypt20-32bit-1.6.1-16.68.1

libgcrypt20-hmac-1.6.1-16.68.1

libgcrypt20-hmac-32bit-1.6.1-16.68.1

SUSE OpenStack Cloud Crowbar 8

libgcrypt20-1.6.1-16.68.1

libgcrypt20-32bit-1.6.1-16.68.1

libgcrypt20-hmac-1.6.1-16.68.1

libgcrypt20-hmac-32bit-1.6.1-16.68.1

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-20192510-1/
Link for SUSE-SU-2019:2510-1
https://lists.suse.com/pipermail/sle-security-updates/2019-October/005976.html
E-Mail link for SUSE-SU-2019:2510-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1148987
SUSE Bug 1148987
https://www.suse.com/security/cve/CVE-2019-13627/
SUSE CVE CVE-2019-13627 page

Описание

It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.

Затронутые продукты

Container caasp/v4/nginx-ingress-controller:beta1:libgcrypt20-1.6.1-16.68.1

Container suse/ltss/sle12.5/sles12sp5:latest:libgcrypt20-1.6.1-16.68.1

Container suse/sles12sp3:latest:libgcrypt20-1.6.1-16.68.1

Container suse/sles12sp4:latest:libgcrypt20-1.6.1-16.68.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-13627.html
CVE-2019-13627
https://bugzilla.suse.com/1148987
SUSE Bug 1148987

SUSE-SU-2019:2510-1

Описание

Список пакетов

Container caasp/v4/nginx-ingress-controller:beta1

Container suse/ltss/sle12.5/sles12sp5:latest

Container suse/sles12sp3:latest

Container suse/sles12sp4:latest

Container suse/sles12sp5:latest

HPE Helion OpenStack 8

Image SLES12-SP4-Azure-BYOS

Image SLES12-SP4-EC2-HVM-BYOS

Image SLES12-SP4-GCE-BYOS

Image SLES12-SP4-OCI-BYOS

Image SLES12-SP4-SAP-Azure

Image SLES12-SP4-SAP-Azure-BYOS

Image SLES12-SP4-SAP-Azure-LI-BYOS-Production

Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production

Image SLES12-SP4-SAP-EC2-HVM

Image SLES12-SP4-SAP-EC2-HVM-BYOS

Image SLES12-SP4-SAP-GCE

Image SLES12-SP4-SAP-GCE-BYOS

Image SLES12-SP4-SAP-OCI-BYOS

Image SLES12-SP5-Azure-BYOS

Image SLES12-SP5-Azure-Basic-On-Demand

Image SLES12-SP5-Azure-HPC-BYOS

Image SLES12-SP5-Azure-HPC-On-Demand

Image SLES12-SP5-Azure-SAP-BYOS

Image SLES12-SP5-Azure-SAP-On-Demand

Image SLES12-SP5-Azure-Standard-On-Demand

Image SLES12-SP5-EC2-BYOS

Image SLES12-SP5-EC2-ECS-On-Demand

Image SLES12-SP5-EC2-On-Demand

Image SLES12-SP5-EC2-SAP-BYOS

Image SLES12-SP5-EC2-SAP-On-Demand

Image SLES12-SP5-GCE-BYOS

Image SLES12-SP5-GCE-On-Demand

Image SLES12-SP5-GCE-SAP-BYOS

Image SLES12-SP5-GCE-SAP-On-Demand

Image SLES12-SP5-OCI-BYOS-BYOS

Image SLES12-SP5-OCI-BYOS-SAP-BYOS

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

SUSE Enterprise Storage 4

SUSE Enterprise Storage 5

SUSE Linux Enterprise Desktop 12 SP4

SUSE Linux Enterprise Server 12 SP1-LTSS

SUSE Linux Enterprise Server 12 SP2-BCL

SUSE Linux Enterprise Server 12 SP2-LTSS

SUSE Linux Enterprise Server 12 SP3-BCL

SUSE Linux Enterprise Server 12 SP3-LTSS

SUSE Linux Enterprise Server 12 SP4

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP1

SUSE Linux Enterprise Server for SAP Applications 12 SP2

SUSE Linux Enterprise Server for SAP Applications 12 SP3

SUSE Linux Enterprise Server for SAP Applications 12 SP4

SUSE Linux Enterprise Server for SAP Applications 12 SP5

SUSE Linux Enterprise Software Development Kit 12 SP4

SUSE Linux Enterprise Software Development Kit 12 SP5

SUSE OpenStack Cloud 7

SUSE OpenStack Cloud 8

SUSE OpenStack Cloud Crowbar 8

Ссылки

Уязвимость: CVE-2019-13627

Описание

Затронутые продукты

Ссылки