Detections
Analytics

openSUSE Security Update : libgcrypt (openSUSE-2015-597)

low Nessus Plugin ID 86090

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

libgcrypt was updated to include countermeasures against Lenstra's fault attack on RSA Chinese Remainder Theorem optimization in RSA.

A signature verification step was updated to protect against leaks of private keys in case of hardware faults or implementation errors in numeric libraries.

GnuPG already performed this check by itself and was not affected.
This fix is equivalent, but not equal to CVE-2015-5738

Solution

Update the affected libgcrypt packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=944835

Plugin Details

Severity: Low

ID: 86090

File Name: openSUSE-2015-597.nasl

Version: 2.3

Type: local

Agent: unix

Published: 9/23/2015

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libgcrypt-cavs, p-cpe:/a:novell:opensuse:libgcrypt-cavs-debuginfo, p-cpe:/a:novell:opensuse:libgcrypt-debugsource, p-cpe:/a:novell:opensuse:libgcrypt-devel, p-cpe:/a:novell:opensuse:libgcrypt-devel-32bit, p-cpe:/a:novell:opensuse:libgcrypt-devel-debuginfo, p-cpe:/a:novell:opensuse:libgcrypt-devel-debuginfo-32bit, p-cpe:/a:novell:opensuse:libgcrypt11, p-cpe:/a:novell:opensuse:libgcrypt11-32bit, p-cpe:/a:novell:opensuse:libgcrypt11-debuginfo, p-cpe:/a:novell:opensuse:libgcrypt11-debuginfo-32bit, p-cpe:/a:novell:opensuse:libgcrypt20, p-cpe:/a:novell:opensuse:libgcrypt20-32bit, p-cpe:/a:novell:opensuse:libgcrypt20-debuginfo, p-cpe:/a:novell:opensuse:libgcrypt20-debuginfo-32bit, p-cpe:/a:novell:opensuse:libgcrypt20-hmac, p-cpe:/a:novell:opensuse:libgcrypt20-hmac-32bit, cpe:/o:novell:opensuse:13.1, cpe:/o:novell:opensuse:13.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 9/14/2015