Security update for libgcrypt

Announcement ID:	SUSE-SU-2015:1179-1
Rating:	moderate
References:	bsc#896202 bsc#896435 bsc#898003 bsc#899524 bsc#900275 bsc#900276 bsc#905483 bsc#920057 bsc#928740 bsc#929919
Cross-References:	CVE-2014-3591
CVSS scores:	CVE-2014-3591 ( NVD ): 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:	SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Software Development Kit 12

An update that solves one vulnerability and has nine security fixes can now be installed.

Description:

This update of libgcrypt fixes one security issue and brings various FIPS 140-2 related improvements.

libgcrypt now uses ciphertext blinding for Elgamal decryption (CVE-2014-3591)

FIPS 140-2 related changes: * The library performs its self-tests when the module is complete (the -hmac file is also installed).

• Added a NIST 800-90a compliant DRBG.

• Change DSA key generation to be FIPS 186-4 compliant.

• Change RSA key generation to be FIPS 186-4 compliant.

• Enable HW support in fips mode (bnc#896435)

• Make DSA selftest use 2048 bit keys (bnc#898003)

• Added ECDSA selftests and add support for it to the CAVS testing framework (bnc#896202)

• Various CAVS testing improvements.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Desktop 12
  zypper in -t patch SUSE-SLE-DESKTOP-12-2015-296=1
• SUSE Linux Enterprise Software Development Kit 12
  zypper in -t patch SUSE-SLE-SDK-12-2015-296=1
• SUSE Linux Enterprise Server 12
  zypper in -t patch SUSE-SLE-SERVER-12-2015-296=1
• SUSE Linux Enterprise Server for SAP Applications 12
  zypper in -t patch SUSE-SLE-SERVER-12-2015-296=1

Package List:

• SUSE Linux Enterprise Desktop 12 (x86_64)
  • libgcrypt20-1.6.1-13.1
  • libgcrypt-debugsource-1.6.1-13.1
  • libgcrypt20-32bit-1.6.1-13.1
  • libgcrypt20-debuginfo-32bit-1.6.1-13.1
  • libgcrypt20-debuginfo-1.6.1-13.1
• SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64)
  • libgcrypt-devel-1.6.1-13.1
  • libgcrypt-devel-debuginfo-1.6.1-13.1
  • libgcrypt-debugsource-1.6.1-13.1
• SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64)
  • libgcrypt20-1.6.1-13.1
  • libgcrypt20-debuginfo-1.6.1-13.1
  • libgcrypt20-hmac-1.6.1-13.1
  • libgcrypt-debugsource-1.6.1-13.1
• SUSE Linux Enterprise Server 12 (s390x x86_64)
  • libgcrypt20-32bit-1.6.1-13.1
  • libgcrypt20-hmac-32bit-1.6.1-13.1
  • libgcrypt20-debuginfo-32bit-1.6.1-13.1
• SUSE Linux Enterprise Server for SAP Applications 12 (x86_64)
  • libgcrypt20-hmac-32bit-1.6.1-13.1
  • libgcrypt20-1.6.1-13.1
  • libgcrypt-debugsource-1.6.1-13.1
  • libgcrypt20-32bit-1.6.1-13.1
  • libgcrypt20-hmac-1.6.1-13.1
  • libgcrypt20-debuginfo-32bit-1.6.1-13.1
  • libgcrypt20-debuginfo-1.6.1-13.1

References:

• https://www.suse.com/security/cve/CVE-2014-3591.html
• https://bugzilla.suse.com/show_bug.cgi?id=896202
• https://bugzilla.suse.com/show_bug.cgi?id=896435
• https://bugzilla.suse.com/show_bug.cgi?id=898003
• https://bugzilla.suse.com/show_bug.cgi?id=899524
• https://bugzilla.suse.com/show_bug.cgi?id=900275
• https://bugzilla.suse.com/show_bug.cgi?id=900276
• https://bugzilla.suse.com/show_bug.cgi?id=905483
• https://bugzilla.suse.com/show_bug.cgi?id=920057
• https://bugzilla.suse.com/show_bug.cgi?id=928740
• https://bugzilla.suse.com/show_bug.cgi?id=929919