SUSE-CU-2025:1854-1: Recommended update of suse/sle15

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Wed Mar 19 14:43:50 UTC 2025 

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1854-1
Container Tags        : bci/bci-base:15.6 , bci/bci-base:15.6.47.20.18 , suse/sle15:15.6 , suse/sle15:15.6.47.20.18
Container Release     : 47.20.18
Severity              : moderate
Type                  : recommended
References            : 1220893 1220895 1220896 1225936 1225939 1225941 1225942 
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:915-1
Released:    Wed Mar 19 08:04:05 2025
Summary:     Recommended update for libgcrypt
Type:        recommended
Severity:    moderate
References:  1220893,1220895,1220896,1225936,1225939,1225941,1225942
This update for libgcrypt fixes the following issues:

- FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939]
- FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939]
- FIPS: Disable setting the library in non-FIPS mode [bsc#1220893]
- FIPS: Disallow rsa < 2048 [bsc#1225941]
  * Mark RSA operations with keysize < 2048 as non-approved in the SLI
- FIPS: Service level indicator for libgcrypt [bsc#1225939]
- FIPS: Consider deprecate sha1 [bsc#1225942]
  * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will
    transition at the end of 2030. Mark SHA1 as non-approved in SLI.
- FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936]
  * cipher: Do not run RSA encryption selftest by default
- FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG
  for the whole length entropy buffer in FIPS mode. [bsc#1220893]
- FIPS: Set the FSM into error state if Jitter RNG is returning an
  error code to the caller when an health test error occurs when
  random bytes are requested through the jent_read_entropy_safe()
  function. [bsc#1220895]
- FIPS: Replace the built-in jitter rng with standalone version
  * Remove the internal jitterentropy copy [bsc#1220896]


The following package changes have been done:

- libgcrypt20-1.10.3-150600.3.3.1 updated

More information about the sle-container-updates mailing list