This update fixes two security vulnerabilities (CVE-2014-3591,CVE-2015-0837) SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:1503-1 Final 1 1 2015-08-26T15:36:05Z current 2015-08-26T15:36:05Z 2015-08-26T15:36:05Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z This update fixes two security vulnerabilities (CVE-2014-3591,CVE-2015-0837) This update fixes two security vulnerabilities (bsc#920057): * Use ciphertext blinding for Elgamal decryption [CVE-2014-3591]. See http://www.cs.tau.ac.il/~tromer/radioexp/ for details. * Fixed data-dependent timing variations in modular exponentiation [related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks are Practical] The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-09/msg00005.html E-Mail link for openSUSE-SU-2015:1503-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings libgcrypt-1.5.4-2.8.1 libgcrypt-devel-1.5.4-2.8.1 libgcrypt-devel-32bit-1.5.4-2.8.1 libgcrypt11-1.5.4-2.8.1 libgcrypt11-32bit-1.5.4-2.8.1 Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication. CVE-2014-3591 moderate 4.3 AV:A/AC:H/Au:S/C:C/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-09/msg00005.html https://www.suse.com/security/cve/CVE-2014-3591.html CVE-2014-3591 https://bugzilla.suse.com/920057 SUSE Bug 920057 https://bugzilla.suse.com/949135 SUSE Bug 949135 The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack." CVE-2015-0837 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-09/msg00005.html https://www.suse.com/security/cve/CVE-2015-0837.html CVE-2015-0837 https://bugzilla.suse.com/920057 SUSE Bug 920057