Mailinglist Archive: opensuse-updates (58 mails)

< Previous Next >
openSUSE-SU-2013:1294-1: moderate: libgcrypt: update to 1.5.3
openSUSE Security Update: libgcrypt: update to 1.5.3
______________________________________________________________________________

Announcement ID: openSUSE-SU-2013:1294-1
Rating: moderate
References: #810759 #831359
Affected Products:
openSUSE 12.3
openSUSE 12.2
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:


libgcrypt was updated to 1.5.3 [bnc#831359] to fix a
security issue, bugs and get some new features:

Security issue fixed:
* Mitigate the Yarom/Falkner flush+reload side-channel
attack on RSA secret keys. See
<http://eprint.iacr.org/2013/448>.

- contains changes from 1.5.2
* The upstream sources now contain the IDEA algorithm,
dropping: idea.c.gz libgcrypt-1.5.0-idea.patch
libgcrypt-1.5.0-idea_codecleanup.patch
* Made the Padlock code work again (regression since
1.5.0).
* Fixed alignment problems for Serpent.
* Fixed two bugs in ECC computations.
- add GPL3.0+ to License tag because of dumpsexp
(bnc#810759)
- contains changes from 1.5.1
* Allow empty passphrase with PBKDF2.
* Do not abort on an invalid algorithm number in
gcry_cipher_get_algo_keylen and
gcry_cipher_get_algo_blklen.
* Fixed some Valgrind warnings.
* Fixed a problem with select and high fd numbers.
* Improved the build system
* Various minor bug fixes.
* Interface changes relative to the 1.5.0 release:
GCRYCTL_SET_ENFORCED_FIPS_FLAG NEW.
GCRYPT_VERSION_NUMBER NEW.


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 12.3:

zypper in -t patch openSUSE-2013-627

- openSUSE 12.2:

zypper in -t patch openSUSE-2013-627

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 12.3 (i586 x86_64):

libgcrypt-debugsource-1.5.3-12.4.1
libgcrypt-devel-1.5.3-12.4.1
libgcrypt-devel-debuginfo-1.5.3-12.4.1
libgcrypt11-1.5.3-12.4.1
libgcrypt11-debuginfo-1.5.3-12.4.1

- openSUSE 12.3 (x86_64):

libgcrypt-devel-32bit-1.5.3-12.4.1
libgcrypt-devel-debuginfo-32bit-1.5.3-12.4.1
libgcrypt11-32bit-1.5.3-12.4.1
libgcrypt11-debuginfo-32bit-1.5.3-12.4.1

- openSUSE 12.2 (i586 x86_64):

libgcrypt-debugsource-1.5.3-9.5.1
libgcrypt-devel-1.5.3-9.5.1
libgcrypt-devel-debuginfo-1.5.3-9.5.1
libgcrypt11-1.5.3-9.5.1
libgcrypt11-debuginfo-1.5.3-9.5.1

- openSUSE 12.2 (x86_64):

libgcrypt-devel-32bit-1.5.3-9.5.1
libgcrypt-devel-debuginfo-32bit-1.5.3-9.5.1
libgcrypt11-32bit-1.5.3-9.5.1
libgcrypt11-debuginfo-32bit-1.5.3-9.5.1


References:

https://bugzilla.novell.com/810759
https://bugzilla.novell.com/831359


< Previous Next >
This Thread
  • No further messages