Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

SUSE: 2019:3392-1 Moderate: libgcrypt ECDSA Timing Attack Fix

suse
Calendar Grey December 27, 2019
Dist Suse Esm H88
SUSE Security Update: Security update for libgcrypt ________________________________________________
An update that solves one vulnerability and has two fixes is now available

Summary

This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-13627: Mitigation against an ECDSA timing attack (bsc#1148987). Bug fixes: - Added CMAC AES self test (bsc#1155339). - Added CMAC TDES self test missing (bsc#1155338). - Fix test dsa-rfc6979 in FIPS mode. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1: zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-3392=1 - SUSE Linux Enterprise Module for Basesystem 15-SP1: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-3392=1 Package List:

References

#1148987 #1155338 #1155339

Cross- CVE-2019-13627

Affected Products:

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1

SUSE Linux Enterprise Module for Basesystem 15-SP1

https://www.suse.com/security/cve/CVE-2019-13627.html

https://bugzilla.suse.com/1148987

https://bugzilla.suse.com/1155338

https://bugzilla.suse.com/1155339

Announcement ID: SUSE-SU-2019:3392-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here