Security update for libgcrypt
This update for libgcrypt fixes the following issues:
- CVE-2017-9526: Store the session key in secure memory to ensure that constant
time point operations are used in the MPI library. (bsc#1042326)
- Don't require secure memory for the fips selftests, this prevents the
"Oops, secure memory pool already initialized" warning. (bsc#931932)
This update was imported from the SUSE:SLE-12:Update update project.
- Submitted by Pedro Monreal Gonzalez (pmonrealgonzalez)
Fixed bugs
bnc#1042326
VUL-0: libgcrypt: timing attack on EdDSA session key
bnc#931932
FIPS: libgcrypt20 - Oops, secure memory pool already initialized