openSUSE Security Update : libgcrypt (openSUSE-2018-795)
Low Nessus Plugin ID 111545
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update for libgcrypt fixes the following issues :
The following security vulnerability was addressed :
- CVE-2018-0495: Mitigate a novel side-channel attack by enabling blinding for ECDSA signatures (bsc#1097410).
The following other issues were fixed :
- Extended the fipsdrv dsa-sign and dsa-verify commands with the
--algo parameter for the FIPS testing of DSA SigVer and SigGen (bsc#1064455).
- Ensure libgcrypt20-hmac and libgcrypt20 are installed in the correct order. (bsc#1090766)
This update was imported from the SUSE:SLE-12:Update update project.
SolutionUpdate the affected libgcrypt packages.