SUSE-RU-2025:0915-1: moderate: Recommended update for libgcrypt

SLE-UPDATES null at suse.de
Wed Mar 19 08:30:37 UTC 2025


# Recommended update for libgcrypt

Announcement ID: SUSE-RU-2025:0915-1  
Release Date: 2025-03-19T07:04:11Z  
Rating: moderate  
References:

  * bsc#1220893
  * bsc#1220895
  * bsc#1220896
  * bsc#1225936
  * bsc#1225939
  * bsc#1225941
  * bsc#1225942

  
Affected Products:

  * Basesystem Module 15-SP6
  * openSUSE Leap 15.6
  * SUSE Linux Enterprise Desktop 15 SP6
  * SUSE Linux Enterprise Real Time 15 SP6
  * SUSE Linux Enterprise Server 15 SP6
  * SUSE Linux Enterprise Server for SAP Applications 15 SP6

  
  
An update that has seven fixes can now be installed.

## Description:

This update for libgcrypt fixes the following issues:

  * FIPS: Differentiate non-compliant flags in the SLI [bsc#1225939]
  * FIPS: Implement KAT for non-deterministic ECDSA [bsc#1225939]
  * FIPS: Disable setting the library in non-FIPS mode [bsc#1220893]
  * FIPS: Disallow rsa < 2048 [bsc#1225941]
  * Mark RSA operations with keysize < 2048 as non-approved in the SLI
  * FIPS: Service level indicator for libgcrypt [bsc#1225939]
  * FIPS: Consider deprecate sha1 [bsc#1225942]
  * In FIPS 180-5 revision, NIST announced EOL for SHA-1 and will transition at
    the end of 2030. Mark SHA1 as non-approved in SLI.
  * FIPS: Unnecessary RSA KAT Encryption/Decryption [bsc#1225936]
  * cipher: Do not run RSA encryption selftest by default
  * FIPS: Make sure that Libgcrypt makes use of the built-in Jitter RNG for the
    whole length entropy buffer in FIPS mode. [bsc#1220893]
  * FIPS: Set the FSM into error state if Jitter RNG is returning an error code
    to the caller when an health test error occurs when random bytes are
    requested through the jent_read_entropy_safe() function. [bsc#1220895]
  * FIPS: Replace the built-in jitter rng with standalone version
  * Remove the internal jitterentropy copy [bsc#1220896]

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.6  
    zypper in -t patch SUSE-2025-915=1 openSUSE-SLE-15.6-2025-915=1

  * Basesystem Module 15-SP6  
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-915=1

## Package List:

  * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
    * libgcrypt20-1.10.3-150600.3.3.1
    * libgcrypt-devel-1.10.3-150600.3.3.1
    * libgcrypt20-debuginfo-1.10.3-150600.3.3.1
    * libgcrypt-devel-debuginfo-1.10.3-150600.3.3.1
    * libgcrypt-debugsource-1.10.3-150600.3.3.1
  * openSUSE Leap 15.6 (x86_64)
    * libgcrypt-devel-32bit-1.10.3-150600.3.3.1
    * libgcrypt20-32bit-debuginfo-1.10.3-150600.3.3.1
    * libgcrypt-devel-32bit-debuginfo-1.10.3-150600.3.3.1
    * libgcrypt20-32bit-1.10.3-150600.3.3.1
  * openSUSE Leap 15.6 (aarch64_ilp32)
    * libgcrypt-devel-64bit-1.10.3-150600.3.3.1
    * libgcrypt-devel-64bit-debuginfo-1.10.3-150600.3.3.1
    * libgcrypt20-64bit-debuginfo-1.10.3-150600.3.3.1
    * libgcrypt20-64bit-1.10.3-150600.3.3.1
  * Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
    * libgcrypt20-1.10.3-150600.3.3.1
    * libgcrypt-devel-1.10.3-150600.3.3.1
    * libgcrypt20-debuginfo-1.10.3-150600.3.3.1
    * libgcrypt-devel-debuginfo-1.10.3-150600.3.3.1
    * libgcrypt-debugsource-1.10.3-150600.3.3.1
  * Basesystem Module 15-SP6 (x86_64)
    * libgcrypt20-32bit-debuginfo-1.10.3-150600.3.3.1
    * libgcrypt20-32bit-1.10.3-150600.3.3.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1220893
  * https://bugzilla.suse.com/show_bug.cgi?id=1220895
  * https://bugzilla.suse.com/show_bug.cgi?id=1220896
  * https://bugzilla.suse.com/show_bug.cgi?id=1225936
  * https://bugzilla.suse.com/show_bug.cgi?id=1225939
  * https://bugzilla.suse.com/show_bug.cgi?id=1225941
  * https://bugzilla.suse.com/show_bug.cgi?id=1225942

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20250319/f29033b0/attachment.htm>


More information about the sle-updates mailing list