Security update for libgcrypt
SUSE Patch
security@suse.de
SUSE Security Team
SUSE-SU-2016:1089-1
Final
1
1
2016-04-18T07:18:36Z
current
2016-04-18T07:18:36Z
2016-04-18T07:18:36Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for libgcrypt
libgcrypt was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-7511: Side-channel attack on ECDH with Weierstrass curves (bsc#965902).
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
SUSE-SLE-DESKTOP-12-2016-636,SUSE-SLE-DESKTOP-12-SP1-2016-636,SUSE-SLE-SDK-12-2016-636,SUSE-SLE-SDK-12-SP1-2016-636,SUSE-SLE-SERVER-12-2016-636,SUSE-SLE-SERVER-12-SP1-2016-636
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://www.suse.com/support/update/announcement/2016/suse-su-20161089-1/
Link for SUSE-SU-2016:1089-1
https://lists.suse.com/pipermail/sle-security-updates/2016-April/002017.html
E-Mail link for SUSE-SU-2016:1089-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/965902
SUSE Bug 965902
https://www.suse.com/security/cve/CVE-2015-7511/
SUSE CVE CVE-2015-7511 page
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Software Development Kit 12
SUSE Linux Enterprise Software Development Kit 12 SP1
libgcrypt20-1.6.1-16.27.1
libgcrypt20-32bit-1.6.1-16.27.1
libgcrypt-devel-1.6.1-16.27.1
libgcrypt20-hmac-1.6.1-16.27.1
libgcrypt20-hmac-32bit-1.6.1-16.27.1
libgcrypt20-1.6.1-16.27.1 as a component of SUSE Linux Enterprise Desktop 12
libgcrypt20-32bit-1.6.1-16.27.1 as a component of SUSE Linux Enterprise Desktop 12
libgcrypt20-1.6.1-16.27.1 as a component of SUSE Linux Enterprise Desktop 12 SP1
libgcrypt20-32bit-1.6.1-16.27.1 as a component of SUSE Linux Enterprise Desktop 12 SP1
libgcrypt20-1.6.1-16.27.1 as a component of SUSE Linux Enterprise Server 12
libgcrypt20-32bit-1.6.1-16.27.1 as a component of SUSE Linux Enterprise Server 12
libgcrypt20-hmac-1.6.1-16.27.1 as a component of SUSE Linux Enterprise Server 12
libgcrypt20-hmac-32bit-1.6.1-16.27.1 as a component of SUSE Linux Enterprise Server 12
libgcrypt20-1.6.1-16.27.1 as a component of SUSE Linux Enterprise Server 12 SP1
libgcrypt20-32bit-1.6.1-16.27.1 as a component of SUSE Linux Enterprise Server 12 SP1
libgcrypt20-hmac-1.6.1-16.27.1 as a component of SUSE Linux Enterprise Server 12 SP1
libgcrypt20-hmac-32bit-1.6.1-16.27.1 as a component of SUSE Linux Enterprise Server 12 SP1
libgcrypt20-1.6.1-16.27.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12
libgcrypt20-32bit-1.6.1-16.27.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12
libgcrypt20-hmac-1.6.1-16.27.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12
libgcrypt20-hmac-32bit-1.6.1-16.27.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12
libgcrypt20-1.6.1-16.27.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
libgcrypt20-32bit-1.6.1-16.27.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
libgcrypt20-hmac-1.6.1-16.27.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
libgcrypt20-hmac-32bit-1.6.1-16.27.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
libgcrypt-devel-1.6.1-16.27.1 as a component of SUSE Linux Enterprise Software Development Kit 12
libgcrypt-devel-1.6.1-16.27.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1
Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations.
CVE-2015-7511
SUSE Linux Enterprise Desktop 12 SP1:libgcrypt20-1.6.1-16.27.1
SUSE Linux Enterprise Desktop 12 SP1:libgcrypt20-32bit-1.6.1-16.27.1
SUSE Linux Enterprise Desktop 12:libgcrypt20-1.6.1-16.27.1
SUSE Linux Enterprise Desktop 12:libgcrypt20-32bit-1.6.1-16.27.1
SUSE Linux Enterprise Server 12 SP1:libgcrypt20-1.6.1-16.27.1
SUSE Linux Enterprise Server 12 SP1:libgcrypt20-32bit-1.6.1-16.27.1
SUSE Linux Enterprise Server 12 SP1:libgcrypt20-hmac-1.6.1-16.27.1
SUSE Linux Enterprise Server 12 SP1:libgcrypt20-hmac-32bit-1.6.1-16.27.1
SUSE Linux Enterprise Server 12:libgcrypt20-1.6.1-16.27.1
SUSE Linux Enterprise Server 12:libgcrypt20-32bit-1.6.1-16.27.1
SUSE Linux Enterprise Server 12:libgcrypt20-hmac-1.6.1-16.27.1
SUSE Linux Enterprise Server 12:libgcrypt20-hmac-32bit-1.6.1-16.27.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:libgcrypt20-1.6.1-16.27.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:libgcrypt20-32bit-1.6.1-16.27.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:libgcrypt20-hmac-1.6.1-16.27.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:libgcrypt20-hmac-32bit-1.6.1-16.27.1
SUSE Linux Enterprise Server for SAP Applications 12:libgcrypt20-1.6.1-16.27.1
SUSE Linux Enterprise Server for SAP Applications 12:libgcrypt20-32bit-1.6.1-16.27.1
SUSE Linux Enterprise Server for SAP Applications 12:libgcrypt20-hmac-1.6.1-16.27.1
SUSE Linux Enterprise Server for SAP Applications 12:libgcrypt20-hmac-32bit-1.6.1-16.27.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libgcrypt-devel-1.6.1-16.27.1
SUSE Linux Enterprise Software Development Kit 12:libgcrypt-devel-1.6.1-16.27.1
moderate
4.3
AV:A/AC:M/Au:N/C:P/I:P/A:N
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20161089-1/
https://www.suse.com/security/cve/CVE-2015-7511.html
CVE-2015-7511
https://bugzilla.suse.com/965902
SUSE Bug 965902