Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2019.1859.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2019:1859-1)
Summary:The remote host is missing an update for the 'libgcrypt' package(s) announced via the SUSE-SU-2019:1859-1 advisory.
Description:Summary:
The remote host is missing an update for the 'libgcrypt' package(s) announced via the SUSE-SU-2019:1859-1 advisory.

Vulnerability Insight:
This update for libgcrypt fixes the following issues:

Security issues fixed:
CVE-2019-12904: The C implementation of AES is vulnerable to a
flush-and-reload side-channel attack because physical addresses are
available to other processes. (The C implementation is used on platforms
where an assembly-language implementation is unavailable.) (bsc#1138939)

Other bugfixes:
Don't run full FIPS self-tests from constructor (bsc#1097073)

Skip all the self-tests except for binary integrity when called from the
constructor (bsc#1097073)

Enforce the minimal RSA keygen size in fips mode (bsc#1125740)

avoid executing some tests twice.

Fixed a race condition in initialization.

Fixed env-script-interpreter in cavs_driver.pl

Fixed redundant fips tests in some situations causing failure to boot in
fips mode. (bsc#1097073)

This helps during booting of the system in FIPS mode with insufficient entropy.

Affected Software/OS:
'libgcrypt' package(s) on SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Module for Basesystem 15

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-12904
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.