   openSUSE Security Update: libgcrypt: update to 1.5.3
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2013:1294-1
Rating:             moderate
References:         #810759 #831359
Affected Products:
                    openSUSE 12.3
                    openSUSE 12.2
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   libgcrypt was updated to 1.5.3 [bnc#831359] to fix a security
   issue, bugs and get some new features:

   Security issue fixed:
   * Mitigate the Yarom/Falkner flush+reload side-channel attack on
     RSA secret keys. See <http://eprint.iacr.org/2013/448>.

   - contains changes from 1.5.2
   * The upstream sources now contain the IDEA algorithm, dropping:
     idea.c.gz
     libgcrypt-1.5.0-idea.patch
     libgcrypt-1.5.0-idea_codecleanup.patch
   * Made the Padlock code work again (regression since 1.5.0).
   * Fixed alignment problems for Serpent.
   * Fixed two bugs in ECC computations.

   - add GPL3.0+ to License tag because of dumpsexp (bnc#810759)

   - contains changes from 1.5.1
   * Allow empty passphrase with PBKDF2.
   * Do not abort on an invalid algorithm number in
     gcry_cipher_get_algo_keylen and gcry_cipher_get_algo_blklen.
   * Fixed some Valgrind warnings.
   * Fixed a problem with select and high fd numbers.
   * Improved the build system
   * Various minor bug fixes.
   * Interface changes relative to the 1.5.0 release:
     GCRYCTL_SET_ENFORCED_FIPS_FLAG  NEW.
     GCRYPT_VERSION_NUMBER           NEW.

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 12.3:

      zypper in -t patch openSUSE-2013-627

   - openSUSE 12.2:

      zypper in -t patch openSUSE-2013-627

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 12.3 (i586 x86_64):

      libgcrypt-debugsource-1.5.3-12.4.1
      libgcrypt-devel-1.5.3-12.4.1
      libgcrypt-devel-debuginfo-1.5.3-12.4.1
      libgcrypt11-1.5.3-12.4.1
      libgcrypt11-debuginfo-1.5.3-12.4.1

   - openSUSE 12.3 (x86_64):

      libgcrypt-devel-32bit-1.5.3-12.4.1
      libgcrypt-devel-debuginfo-32bit-1.5.3-12.4.1
      libgcrypt11-32bit-1.5.3-12.4.1
      libgcrypt11-debuginfo-32bit-1.5.3-12.4.1

   - openSUSE 12.2 (i586 x86_64):

      libgcrypt-debugsource-1.5.3-9.5.1
      libgcrypt-devel-1.5.3-9.5.1
      libgcrypt-devel-debuginfo-1.5.3-9.5.1
      libgcrypt11-1.5.3-9.5.1
      libgcrypt11-debuginfo-1.5.3-9.5.1

   - openSUSE 12.2 (x86_64):

      libgcrypt-devel-32bit-1.5.3-9.5.1
      libgcrypt-devel-debuginfo-32bit-1.5.3-9.5.1
      libgcrypt11-32bit-1.5.3-9.5.1
      libgcrypt11-debuginfo-32bit-1.5.3-9.5.1

References:

   https://bugzilla.novell.com/810759
   https://bugzilla.novell.com/831359
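
A post-update check, added here as an example and not part of the openSUSE announcement: it compares an installed libgcrypt11 version-release string with the fixed builds named in the package list of this advisory. The function names are hypothetical, and it assumes GNU `sort -V` orders these plain numeric strings the same way rpm does.

```shell
#!/bin/sh
# Example added by the editor; function names are hypothetical.

# fixed_build PRODUCT: print the fixed libgcrypt11 version-release for an
# openSUSE product, as listed in this advisory's package list.
fixed_build() {
    case "$1" in
        12.3) echo "1.5.3-12.4.1" ;;
        12.2) echo "1.5.3-9.5.1" ;;
        *)    return 1 ;;
    esac
}

# ver_ge A B: succeed when version-release A is at or above B.
# Assumption: GNU `sort -V` matches rpm ordering for dotted numeric strings.
ver_ge() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# check_libgcrypt PRODUCT INSTALLED
# Prints "patched" (exit 0), "needs-update" (exit 1) or
# "unknown-product" (exit 2) for products this advisory does not cover.
check_libgcrypt() {
    want=$(fixed_build "$1") || { echo "unknown-product"; return 2; }
    if ver_ge "$2" "$want"; then
        echo "patched"
        return 0
    fi
    echo "needs-update"
    return 1
}

# On a live openSUSE 12.3 host the installed string comes from rpm:
#   check_libgcrypt 12.3 "$(rpm -q --qf '%{VERSION}-%{RELEASE}' libgcrypt11)"
```

On x86_64 hosts the `libgcrypt11-32bit` package is versioned separately and needs the same check.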