Security update for libgcrypt SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:1596-1 Final 1 1 2015-09-14T13:39:48Z current 2015-09-14T13:39:48Z 2015-09-14T13:39:48Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libgcrypt libgcrypt was updated to include countermeasures against Lenstra's fault attack on RSA Chinese Remainder Theorem optimization in RSA. A signature verification step was updated to protect against leaks of private keys in case of hardware faults or implementation errors in numeric libraries. GnuPG already performed this check by itself and was not affected. This fix is equivalent, but not equal to CVE-2015-5738 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-09/msg00033.html E-Mail link for openSUSE-SU-2015:1596-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings libgcrypt-1.5.4-2.12.1 libgcrypt-devel-1.5.4-2.12.1 libgcrypt-devel-32bit-1.5.4-2.12.1 libgcrypt11-1.5.4-2.12.1 libgcrypt11-32bit-1.5.4-2.12.1 The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack. CVE-2015-5738 low Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-09/msg00033.html https://www.suse.com/security/cve/CVE-2015-5738.html CVE-2015-5738 https://bugzilla.suse.com/944456 SUSE Bug 944456 https://bugzilla.suse.com/944835 SUSE Bug 944835 https://bugzilla.suse.com/944836 SUSE Bug 944836