openSUSE Security Update : libgcrypt (openSUSE-SU-2013:1294-1)

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

libgcrypt was updated to 1.5.3 [bnc#831359] to fix a security issue,
bugs and get some new features :

Security issue fixed :

- Mitigate the Yarom/Falkner flush+reload side-channel
attack on RSA secret keys. See

- contains changes from 1.5.2

- The upstream sources now contain the IDEA algorithm,
dropping: idea.c.gz libgcrypt-1.5.0-idea.patch

- Made the Padlock code work again (regression since

- Fixed alignment problems for Serpent.

- Fixed two bugs in ECC computations.

- add GPL3.0+ to License tag because of dumpsexp

- contains changes from 1.5.1

- Allow empty passphrase with PBKDF2.

- Do not abort on an invalid algorithm number in
gcry_cipher_get_algo_keylen and

- Fixed some Valgrind warnings.

- Fixed a problem with select and high fd numbers.

- Improved the build system

- Various minor bug fixes.

- Interface changes relative to the 1.5.0 release:

See also :

Solution :

Update the affected libgcrypt packages.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 75105 ()

Bugtraq ID:


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now