openSUSE Security Update : libgcrypt (openSUSE-2015-566)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update fixes two security vulnerabilities (bsc#920057) :

- Use ciphertext blinding for Elgamal decryption
[CVE-2014-3591]. See
http://www.cs.tau.ac.il/~tromer/radioexp/ for details.

- Fixed data-dependent timing variations in modular
exponentiation [related to CVE-2015-0837, Last-Level
Cache Side-Channel Attacks are Practical]

See also :

http://www.cs.tau.ac.il/~tromer/radioexp/
https://bugzilla.opensuse.org/show_bug.cgi?id=920057

Solution :

Update the affected libgcrypt packages.

Risk factor :

Medium

Family: SuSE Local Security Checks

Nessus Plugin ID: 85835 ()

Bugtraq ID:

CVE ID: CVE-2014-3591
CVE-2015-0837

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now