Test ID:	1.3.6.1.4.1.25623.1.1.4.2015.1179.1
Category:	SuSE Local Security Checks
Title:	SUSE: Security Advisory (SUSE-SU-2015:1179-1)
Summary:	The remote host is missing an update for the 'libgcrypt' package(s) announced via the SUSE-SU-2015:1179-1 advisory.
Description:	Summary: The remote host is missing an update for the 'libgcrypt' package(s) announced via the SUSE-SU-2015:1179-1 advisory. Vulnerability Insight: This update of libgcrypt fixes one security issue and brings various FIPS 140-2 related improvements. libgcrypt now uses ciphertext blinding for Elgamal decryption (CVE-2014-3591) FIPS 140-2 related changes: * The library performs its self-tests when the module is complete (the -hmac file is also installed). * Added a NIST 800-90a compliant DRBG. * Change DSA key generation to be FIPS 186-4 compliant. * Change RSA key generation to be FIPS 186-4 compliant. * Enable HW support in fips mode (bnc#896435) * Make DSA selftest use 2048 bit keys (bnc#898003) * Added ECDSA selftests and add support for it to the CAVS testing framework (bnc#896202) * Various CAVS testing improvements. Affected Software/OS: 'libgcrypt' package(s) on SUSE Linux Enterprise Desktop 12, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server for SAP Applications 12. Solution: Please install the updated package(s). CVSS Score: 1.9 CVSS Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3591 http://www.cs.tau.ac.il/~tromer/radioexp/ http://www.debian.org/security/2015/dsa-3184 http://www.debian.org/security/2015/dsa-3185 https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.