Описание
Security update for libgcrypt
This update for libgcrypt fixes the following issues:
- CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107).
Список пакетов
Container suse/ltss/sle12.5/sles12sp5:latest
libgcrypt20-1.6.1-16.86.1
SUSE Linux Enterprise Server 12 SP5-LTSS
libgcrypt-devel-1.6.1-16.86.1
libgcrypt20-1.6.1-16.86.1
libgcrypt20-32bit-1.6.1-16.86.1
libgcrypt20-hmac-1.6.1-16.86.1
libgcrypt20-hmac-32bit-1.6.1-16.86.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
libgcrypt-devel-1.6.1-16.86.1
libgcrypt20-1.6.1-16.86.1
libgcrypt20-32bit-1.6.1-16.86.1
libgcrypt20-hmac-1.6.1-16.86.1
libgcrypt20-hmac-32bit-1.6.1-16.86.1
Ссылки
- Link for SUSE-SU-2025:02756-1
- E-Mail link for SUSE-SU-2025:02756-1
- SUSE Security Ratings
- SUSE Bug 1221107
- SUSE CVE CVE-2024-2236 page
Описание
A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.
Затронутые продукты
Container suse/ltss/sle12.5/sles12sp5:latest:libgcrypt20-1.6.1-16.86.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libgcrypt-devel-1.6.1-16.86.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libgcrypt20-1.6.1-16.86.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libgcrypt20-32bit-1.6.1-16.86.1
Ссылки
- CVE-2024-2236
- SUSE Bug 1221107