Overview

File _patchinfo of Package patchinfo.7109

<patchinfo incident="7109">
  <issue id="1064455" tracker="bnc">FIPS: libgcrypt: issue with CAVS testing of DSA SigVer and SigGen</issue>
  <issue id="1090766" tracker="bnc">libgcrypt20 should "Suggest" its -hmac package to avoid dependency issues during updates</issue>
  <issue id="1097410" tracker="bnc"></issue>
  <issue id="2018-0495" tracker="cve"></issue>
  <category>security</category>
  <rating>moderate</rating>
  <packager>pmonrealgonzalez</packager>
  <description>This update for libgcrypt fixes the following issues:

The following security vulnerability was addressed:

- CVE-2018-0495: Mitigate a novel side-channel attack by enabling blinding for
  ECDSA signatures (bsc#1097410).

The following other issues were fixed:

- Extended the fipsdrv dsa-sign and dsa-verify commands with the
  --algo parameter for the FIPS testing of DSA SigVer and SigGen (bsc#1064455).
- Ensure libgcrypt20-hmac and libgcrypt20 are installed in the correct order. (bsc#1090766)
</description>
  <summary>Security update for libgcrypt</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places