Alerts This Week
Warning Icon 1 914
Alerts This Week
Warning Icon 1 914

SUSE: 2019:1859-1 Moderate: libgcrypt Unique AES Attack Fix

suse
Calendar Grey July 16, 2019
Dist Suse Esm H88
SUSE Security Update: Security update for libgcrypt ________________________________________________
An update that solves one vulnerability and has two fixes is now available

Summary

This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-12904: The C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) (bsc#1138939) Other bugfixes: - Don't run full FIPS self-tests from constructor (bsc#1097073) - Skip all the self-tests except for binary integrity when called from the constructor (bsc#1097073) - Enforce the minimal RSA keygen size in fips mode (bsc#1125740) - avoid executing some tests twice. - Fixed a race condition in initialization. - Fixed env-script-interpreter in cavs_driver.pl - Fixed redundant fips tests in some situations causing failure to boot in

Topics%20covered

Topics Covered

security advisory moderate patch SUSE AES libgcrypt

References

#1097073 #1125740 #1138939

Cross- CVE-2019-12904

Affected Products:

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15

SUSE Linux Enterprise Module for Basesystem 15

https://www.suse.com/security/cve/CVE-2019-12904.html

https://bugzilla.suse.com/1097073

https://bugzilla.suse.com/1125740

https://bugzilla.suse.com/1138939

Announcement ID: SUSE-SU-2019:1859-1
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate patch SUSE AES libgcrypt

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here