Overview

File _patchinfo of Package patchinfo.4929

<patchinfo incident="4929">
  <issue id="1042326" tracker="bnc">VUL-0: libgcrypt: timing attack on EdDSA session key</issue>
  <issue id="931932" tracker="bnc">FIPS: libgcrypt20 - Oops, secure memory pool already initialized</issue>
  <issue id="2017-9526" tracker="cve"></issue>
  <category>security</category>
  <rating>moderate</rating>
  <packager>pmonrealgonzalez</packager>
  <description>This update for libgcrypt fixes the following issues:

- CVE-2017-9526: Store the session key in secure memory to ensure that constant
  time point operations are used in the MPI library.  (bsc#1042326)

- Don't require secure memory for the fips selftests, this prevents the
  "Oops, secure memory pool already initialized" warning. (bsc#931932)
</description>
  <summary>Security update for libgcrypt</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places