Issued:
2021-11-09
Updated:
2021-11-09

RHSA-2021:4409 - Security Advisory

Synopsis

Moderate: libgcrypt security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libgcrypt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libgcrypt library provides general-purpose implementations of various cryptographic algorithms.

Security Fix(es):

  • libgcrypt: mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm (CVE-2021-33560)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64

Fixes

  • BZ - 1970096 - CVE-2021-33560 libgcrypt: mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm
  • BZ - 1976137 - Enable hardware optimizations in FIPS mode

Red Hat Enterprise Linux for x86_64 8

SRPM
libgcrypt-1.8.5-6.el8.src.rpm SHA-256: 80e846527ba0bdd23142da8021fb7067a76db97dfa8ceb210e84c59b25cedc7f
x86_64
libgcrypt-1.8.5-6.el8.i686.rpm SHA-256: 7158264fc3b5dca38ff6a98a176c196a13ce479488ade3d90b0f06e63e2c411b
libgcrypt-1.8.5-6.el8.x86_64.rpm SHA-256: 9200b1ded4ac896b96afe0fa4fcb31e528362913bc0315d223faf75b4d60a0ac
libgcrypt-debuginfo-1.8.5-6.el8.i686.rpm SHA-256: b82b99ab64a2b42b7ec1cd24328e203e21c34537de3ec100e8b72c967ed3f9b0
libgcrypt-debuginfo-1.8.5-6.el8.x86_64.rpm SHA-256: 49c571ccc7dcc0958de393198cf05918fba45eaedfc7e83f8a93819a9b9bd414
libgcrypt-debugsource-1.8.5-6.el8.i686.rpm SHA-256: 1cb42cc143a4f85c62877336c749c4c32d62ffefc66b36fb496cd38072ca63df
libgcrypt-debugsource-1.8.5-6.el8.x86_64.rpm SHA-256: 55b9bd3950838408e4b02b04d9602adeb34ae9b6410c1c4f4d56917af183959b
libgcrypt-devel-1.8.5-6.el8.i686.rpm SHA-256: 929cc906468b9db747614d20e6f705171080d237ec1ce4b16ced5875c1a8f82c
libgcrypt-devel-1.8.5-6.el8.x86_64.rpm SHA-256: 7747dda24ff16d69eb3b56a0e1bb43da9ac5b22884f3f2f619c0e8cadb9464a0
libgcrypt-devel-debuginfo-1.8.5-6.el8.i686.rpm SHA-256: 51c329bcf9f8feb47f2af0a1906f0ede18e82692ffcffb5bd745aa7631b06a38
libgcrypt-devel-debuginfo-1.8.5-6.el8.x86_64.rpm SHA-256: b4fd9840e90a899076d93020dc134522100b349ab5905f1230f4d310cb9911ff

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6

SRPM
libgcrypt-1.8.5-6.el8.src.rpm SHA-256: 80e846527ba0bdd23142da8021fb7067a76db97dfa8ceb210e84c59b25cedc7f
x86_64
libgcrypt-1.8.5-6.el8.i686.rpm SHA-256: 7158264fc3b5dca38ff6a98a176c196a13ce479488ade3d90b0f06e63e2c411b
libgcrypt-1.8.5-6.el8.x86_64.rpm SHA-256: 9200b1ded4ac896b96afe0fa4fcb31e528362913bc0315d223faf75b4d60a0ac
libgcrypt-debuginfo-1.8.5-6.el8.i686.rpm SHA-256: b82b99ab64a2b42b7ec1cd24328e203e21c34537de3ec100e8b72c967ed3f9b0
libgcrypt-debuginfo-1.8.5-6.el8.x86_64.rpm SHA-256: 49c571ccc7dcc0958de393198cf05918fba45eaedfc7e83f8a93819a9b9bd414
libgcrypt-debugsource-1.8.5-6.el8.i686.rpm SHA-256: 1cb42cc143a4f85c62877336c749c4c32d62ffefc66b36fb496cd38072ca63df
libgcrypt-debugsource-1.8.5-6.el8.x86_64.rpm SHA-256: 55b9bd3950838408e4b02b04d9602adeb34ae9b6410c1c4f4d56917af183959b
libgcrypt-devel-1.8.5-6.el8.i686.rpm SHA-256: 929cc906468b9db747614d20e6f705171080d237ec1ce4b16ced5875c1a8f82c
libgcrypt-devel-1.8.5-6.el8.x86_64.rpm SHA-256: 7747dda24ff16d69eb3b56a0e1bb43da9ac5b22884f3f2f619c0e8cadb9464a0
libgcrypt-devel-debuginfo-1.8.5-6.el8.i686.rpm SHA-256: 51c329bcf9f8feb47f2af0a1906f0ede18e82692ffcffb5bd745aa7631b06a38
libgcrypt-devel-debuginfo-1.8.5-6.el8.x86_64.rpm SHA-256: b4fd9840e90a899076d93020dc134522100b349ab5905f1230f4d310cb9911ff

Red Hat Enterprise Linux Server - AUS 8.6

SRPM
libgcrypt-1.8.5-6.el8.src.rpm SHA-256: 80e846527ba0bdd23142da8021fb7067a76db97dfa8ceb210e84c59b25cedc7f
x86_64
libgcrypt-1.8.5-6.el8.i686.rpm SHA-256: 7158264fc3b5dca38ff6a98a176c196a13ce479488ade3d90b0f06e63e2c411b
libgcrypt-1.8.5-6.el8.x86_64.rpm SHA-256: 9200b1ded4ac896b96afe0fa4fcb31e528362913bc0315d223faf75b4d60a0ac
libgcrypt-debuginfo-1.8.5-6.el8.i686.rpm SHA-256: b82b99ab64a2b42b7ec1cd24328e203e21c34537de3ec100e8b72c967ed3f9b0
libgcrypt-debuginfo-1.8.5-6.el8.x86_64.rpm SHA-256: 49c571ccc7dcc0958de393198cf05918fba45eaedfc7e83f8a93819a9b9bd414
libgcrypt-debugsource-1.8.5-6.el8.i686.rpm SHA-256: 1cb42cc143a4f85c62877336c749c4c32d62ffefc66b36fb496cd38072ca63df
libgcrypt-debugsource-1.8.5-6.el8.x86_64.rpm SHA-256: 55b9bd3950838408e4b02b04d9602adeb34ae9b6410c1c4f4d56917af183959b
libgcrypt-devel-1.8.5-6.el8.i686.rpm SHA-256: 929cc906468b9db747614d20e6f705171080d237ec1ce4b16ced5875c1a8f82c
libgcrypt-devel-1.8.5-6.el8.x86_64.rpm SHA-256: 7747dda24ff16d69eb3b56a0e1bb43da9ac5b22884f3f2f619c0e8cadb9464a0
libgcrypt-devel-debuginfo-1.8.5-6.el8.i686.rpm SHA-256: 51c329bcf9f8feb47f2af0a1906f0ede18e82692ffcffb5bd745aa7631b06a38
libgcrypt-devel-debuginfo-1.8.5-6.el8.x86_64.rpm SHA-256: b4fd9840e90a899076d93020dc134522100b349ab5905f1230f4d310cb9911ff

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
libgcrypt-1.8.5-6.el8.src.rpm SHA-256: 80e846527ba0bdd23142da8021fb7067a76db97dfa8ceb210e84c59b25cedc7f
s390x
libgcrypt-1.8.5-6.el8.s390x.rpm SHA-256: 1092fb8658d85bb915ea2db3c7a1ebf6830c256c86a691c0261fdbd4cb089db6
libgcrypt-debuginfo-1.8.5-6.el8.s390x.rpm SHA-256: 89c2239d04ffb020849110665b36de57f95d056932159d33522d8c701c5e7c85
libgcrypt-debugsource-1.8.5-6.el8.s390x.rpm SHA-256: f476282c2de800e6de5d56f4090db5bcef5e33981003d404c18257b2517aeaf8
libgcrypt-devel-1.8.5-6.el8.s390x.rpm SHA-256: 417a17d6dd723b5b6e43364b7cdd86eec5e52d34e707682e691127167d64f452
libgcrypt-devel-debuginfo-1.8.5-6.el8.s390x.rpm SHA-256: f6d85148ab8b52933e355b08f3b81b105cd74ca2ca48a70d36ff2273d62d982f

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6

SRPM
libgcrypt-1.8.5-6.el8.src.rpm SHA-256: 80e846527ba0bdd23142da8021fb7067a76db97dfa8ceb210e84c59b25cedc7f
s390x
libgcrypt-1.8.5-6.el8.s390x.rpm SHA-256: 1092fb8658d85bb915ea2db3c7a1ebf6830c256c86a691c0261fdbd4cb089db6
libgcrypt-debuginfo-1.8.5-6.el8.s390x.rpm SHA-256: 89c2239d04ffb020849110665b36de57f95d056932159d33522d8c701c5e7c85
libgcrypt-debugsource-1.8.5-6.el8.s390x.rpm SHA-256: f476282c2de800e6de5d56f4090db5bcef5e33981003d404c18257b2517aeaf8
libgcrypt-devel-1.8.5-6.el8.s390x.rpm SHA-256: 417a17d6dd723b5b6e43364b7cdd86eec5e52d34e707682e691127167d64f452
libgcrypt-devel-debuginfo-1.8.5-6.el8.s390x.rpm SHA-256: f6d85148ab8b52933e355b08f3b81b105cd74ca2ca48a70d36ff2273d62d982f

Red Hat Enterprise Linux for Power, little endian 8

SRPM
libgcrypt-1.8.5-6.el8.src.rpm SHA-256: 80e846527ba0bdd23142da8021fb7067a76db97dfa8ceb210e84c59b25cedc7f
ppc64le
libgcrypt-1.8.5-6.el8.ppc64le.rpm SHA-256: 4e0265b0f4920b369ab07dc5c702b382689b79724f16e4951027735a3004fd53
libgcrypt-debuginfo-1.8.5-6.el8.ppc64le.rpm SHA-256: eee7ccfc1d015b0281964963521550aa4be00e2d9a1190ef4e40e8de3a1833fd
libgcrypt-debugsource-1.8.5-6.el8.ppc64le.rpm SHA-256: 21676df388910d05719bac62d59f7d24f7b3039897a3b9c72cd04c9f03a6fef9
libgcrypt-devel-1.8.5-6.el8.ppc64le.rpm SHA-256: 0abbdd5b5e74f47a193928f817c0b5641fd9edfbf4d0049f3fe22b6833cab6bd
libgcrypt-devel-debuginfo-1.8.5-6.el8.ppc64le.rpm SHA-256: 498cd34ae10c2f896d4a1a2c291aaef0cc3f5c17a3470ca55b1bf609f4f4efc9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6

SRPM
libgcrypt-1.8.5-6.el8.src.rpm SHA-256: 80e846527ba0bdd23142da8021fb7067a76db97dfa8ceb210e84c59b25cedc7f
ppc64le
libgcrypt-1.8.5-6.el8.ppc64le.rpm SHA-256: 4e0265b0f4920b369ab07dc5c702b382689b79724f16e4951027735a3004fd53
libgcrypt-debuginfo-1.8.5-6.el8.ppc64le.rpm SHA-256: eee7ccfc1d015b0281964963521550aa4be00e2d9a1190ef4e40e8de3a1833fd
libgcrypt-debugsource-1.8.5-6.el8.ppc64le.rpm SHA-256: 21676df388910d05719bac62d59f7d24f7b3039897a3b9c72cd04c9f03a6fef9
libgcrypt-devel-1.8.5-6.el8.ppc64le.rpm SHA-256: 0abbdd5b5e74f47a193928f817c0b5641fd9edfbf4d0049f3fe22b6833cab6bd
libgcrypt-devel-debuginfo-1.8.5-6.el8.ppc64le.rpm SHA-256: 498cd34ae10c2f896d4a1a2c291aaef0cc3f5c17a3470ca55b1bf609f4f4efc9

Red Hat Enterprise Linux Server - TUS 8.6

SRPM
libgcrypt-1.8.5-6.el8.src.rpm SHA-256: 80e846527ba0bdd23142da8021fb7067a76db97dfa8ceb210e84c59b25cedc7f
x86_64
libgcrypt-1.8.5-6.el8.i686.rpm SHA-256: 7158264fc3b5dca38ff6a98a176c196a13ce479488ade3d90b0f06e63e2c411b
libgcrypt-1.8.5-6.el8.x86_64.rpm SHA-256: 9200b1ded4ac896b96afe0fa4fcb31e528362913bc0315d223faf75b4d60a0ac
libgcrypt-debuginfo-1.8.5-6.el8.i686.rpm SHA-256: b82b99ab64a2b42b7ec1cd24328e203e21c34537de3ec100e8b72c967ed3f9b0
libgcrypt-debuginfo-1.8.5-6.el8.x86_64.rpm SHA-256: 49c571ccc7dcc0958de393198cf05918fba45eaedfc7e83f8a93819a9b9bd414
libgcrypt-debugsource-1.8.5-6.el8.i686.rpm SHA-256: 1cb42cc143a4f85c62877336c749c4c32d62ffefc66b36fb496cd38072ca63df
libgcrypt-debugsource-1.8.5-6.el8.x86_64.rpm SHA-256: 55b9bd3950838408e4b02b04d9602adeb34ae9b6410c1c4f4d56917af183959b
libgcrypt-devel-1.8.5-6.el8.i686.rpm SHA-256: 929cc906468b9db747614d20e6f705171080d237ec1ce4b16ced5875c1a8f82c
libgcrypt-devel-1.8.5-6.el8.x86_64.rpm SHA-256: 7747dda24ff16d69eb3b56a0e1bb43da9ac5b22884f3f2f619c0e8cadb9464a0
libgcrypt-devel-debuginfo-1.8.5-6.el8.i686.rpm SHA-256: 51c329bcf9f8feb47f2af0a1906f0ede18e82692ffcffb5bd745aa7631b06a38
libgcrypt-devel-debuginfo-1.8.5-6.el8.x86_64.rpm SHA-256: b4fd9840e90a899076d93020dc134522100b349ab5905f1230f4d310cb9911ff

Red Hat Enterprise Linux for ARM 64 8

SRPM
libgcrypt-1.8.5-6.el8.src.rpm SHA-256: 80e846527ba0bdd23142da8021fb7067a76db97dfa8ceb210e84c59b25cedc7f
aarch64
libgcrypt-1.8.5-6.el8.aarch64.rpm SHA-256: 730e00f0848e693fe3538de6cbd420e8ccc294b36b0e11d3196e7ceac2977461
libgcrypt-debuginfo-1.8.5-6.el8.aarch64.rpm SHA-256: 7264aa40ef162b317db2458f5ffdaa25841dd8bbc95d24b76fe7b40c9f779ba3
libgcrypt-debugsource-1.8.5-6.el8.aarch64.rpm SHA-256: 8184a2ace93e1359f82ad4f7ac9586edb8315cab8f7c67f4f2fe4bf8366fbf63
libgcrypt-devel-1.8.5-6.el8.aarch64.rpm SHA-256: 6bae8dd74e98ebedd195983f4dba4b11b35727829c23317ad279456482255c56
libgcrypt-devel-debuginfo-1.8.5-6.el8.aarch64.rpm SHA-256: 5eab10177d012b2a724cb3d5e79281bfb9207903e6f5de0837e49ec794505033

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6

SRPM
libgcrypt-1.8.5-6.el8.src.rpm SHA-256: 80e846527ba0bdd23142da8021fb7067a76db97dfa8ceb210e84c59b25cedc7f
aarch64
libgcrypt-1.8.5-6.el8.aarch64.rpm SHA-256: 730e00f0848e693fe3538de6cbd420e8ccc294b36b0e11d3196e7ceac2977461
libgcrypt-debuginfo-1.8.5-6.el8.aarch64.rpm SHA-256: 7264aa40ef162b317db2458f5ffdaa25841dd8bbc95d24b76fe7b40c9f779ba3
libgcrypt-debugsource-1.8.5-6.el8.aarch64.rpm SHA-256: 8184a2ace93e1359f82ad4f7ac9586edb8315cab8f7c67f4f2fe4bf8366fbf63
libgcrypt-devel-1.8.5-6.el8.aarch64.rpm SHA-256: 6bae8dd74e98ebedd195983f4dba4b11b35727829c23317ad279456482255c56
libgcrypt-devel-debuginfo-1.8.5-6.el8.aarch64.rpm SHA-256: 5eab10177d012b2a724cb3d5e79281bfb9207903e6f5de0837e49ec794505033

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6

SRPM
libgcrypt-1.8.5-6.el8.src.rpm SHA-256: 80e846527ba0bdd23142da8021fb7067a76db97dfa8ceb210e84c59b25cedc7f
ppc64le
libgcrypt-1.8.5-6.el8.ppc64le.rpm SHA-256: 4e0265b0f4920b369ab07dc5c702b382689b79724f16e4951027735a3004fd53
libgcrypt-debuginfo-1.8.5-6.el8.ppc64le.rpm SHA-256: eee7ccfc1d015b0281964963521550aa4be00e2d9a1190ef4e40e8de3a1833fd
libgcrypt-debugsource-1.8.5-6.el8.ppc64le.rpm SHA-256: 21676df388910d05719bac62d59f7d24f7b3039897a3b9c72cd04c9f03a6fef9
libgcrypt-devel-1.8.5-6.el8.ppc64le.rpm SHA-256: 0abbdd5b5e74f47a193928f817c0b5641fd9edfbf4d0049f3fe22b6833cab6bd
libgcrypt-devel-debuginfo-1.8.5-6.el8.ppc64le.rpm SHA-256: 498cd34ae10c2f896d4a1a2c291aaef0cc3f5c17a3470ca55b1bf609f4f4efc9

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6

SRPM
libgcrypt-1.8.5-6.el8.src.rpm SHA-256: 80e846527ba0bdd23142da8021fb7067a76db97dfa8ceb210e84c59b25cedc7f
x86_64
libgcrypt-1.8.5-6.el8.i686.rpm SHA-256: 7158264fc3b5dca38ff6a98a176c196a13ce479488ade3d90b0f06e63e2c411b
libgcrypt-1.8.5-6.el8.x86_64.rpm SHA-256: 9200b1ded4ac896b96afe0fa4fcb31e528362913bc0315d223faf75b4d60a0ac
libgcrypt-debuginfo-1.8.5-6.el8.i686.rpm SHA-256: b82b99ab64a2b42b7ec1cd24328e203e21c34537de3ec100e8b72c967ed3f9b0
libgcrypt-debuginfo-1.8.5-6.el8.x86_64.rpm SHA-256: 49c571ccc7dcc0958de393198cf05918fba45eaedfc7e83f8a93819a9b9bd414
libgcrypt-debugsource-1.8.5-6.el8.i686.rpm SHA-256: 1cb42cc143a4f85c62877336c749c4c32d62ffefc66b36fb496cd38072ca63df
libgcrypt-debugsource-1.8.5-6.el8.x86_64.rpm SHA-256: 55b9bd3950838408e4b02b04d9602adeb34ae9b6410c1c4f4d56917af183959b
libgcrypt-devel-1.8.5-6.el8.i686.rpm SHA-256: 929cc906468b9db747614d20e6f705171080d237ec1ce4b16ced5875c1a8f82c
libgcrypt-devel-1.8.5-6.el8.x86_64.rpm SHA-256: 7747dda24ff16d69eb3b56a0e1bb43da9ac5b22884f3f2f619c0e8cadb9464a0
libgcrypt-devel-debuginfo-1.8.5-6.el8.i686.rpm SHA-256: 51c329bcf9f8feb47f2af0a1906f0ede18e82692ffcffb5bd745aa7631b06a38
libgcrypt-devel-debuginfo-1.8.5-6.el8.x86_64.rpm SHA-256: b4fd9840e90a899076d93020dc134522100b349ab5905f1230f4d310cb9911ff

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.