openSUSE Security Update: libgcrypt: Remediation for side-channel attack on Elgamal encryption subkeys ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:1058-1 Rating: moderate References: #891018 Affected Products: openSUSE 13.1 openSUSE 12.3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: libgcrypt was updated to 1.5.4 to prevent a side-channel attack on Elgamal encryption subkeys. Besides that the following issues were resolved: - Improved performance of RSA, DSA, and Elgamal by using a new exponentiation algorithm. - Fixed a subtle bug in mpi_set_bit which could set spurious bits. - Fixed a bug in an internal division function. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-512 - openSUSE 12.3: zypper in -t patch openSUSE-2014-512 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): libgcrypt-debugsource-1.5.4-2.4.1 libgcrypt-devel-1.5.4-2.4.1 libgcrypt-devel-debuginfo-1.5.4-2.4.1 libgcrypt11-1.5.4-2.4.1 libgcrypt11-debuginfo-1.5.4-2.4.1 - openSUSE 13.1 (x86_64): libgcrypt-devel-32bit-1.5.4-2.4.1 libgcrypt-devel-debuginfo-32bit-1.5.4-2.4.1 libgcrypt11-32bit-1.5.4-2.4.1 libgcrypt11-debuginfo-32bit-1.5.4-2.4.1 - openSUSE 12.3 (i586 x86_64): libgcrypt-debugsource-1.5.4-12.8.1 libgcrypt-devel-1.5.4-12.8.1 libgcrypt-devel-debuginfo-1.5.4-12.8.1 libgcrypt11-1.5.4-12.8.1 libgcrypt11-debuginfo-1.5.4-12.8.1 - openSUSE 12.3 (x86_64): libgcrypt-devel-32bit-1.5.4-12.8.1 libgcrypt-devel-debuginfo-32bit-1.5.4-12.8.1 libgcrypt11-32bit-1.5.4-12.8.1 libgcrypt11-debuginfo-32bit-1.5.4-12.8.1 References: https://bugzilla.novell.com/891018