access.redhat.com
Open in
urlscan Pro
2a02:26f0:1700:11::b856:678b
Public Scan
URL:
https://access.redhat.com/errata/RHSA-2021:4409
Submission: On April 14 via api from IL — Scanned from DE
Submission: On April 14 via api from IL — Scanned from DE
Form analysis 1 forms found in the DOM
Name: topSearchForm — GET /search/browse/search/
<form class="ng-pristine ng-valid topSearchForm" id="topSearchForm" name="topSearchForm" action="/search/browse/search/" method="get" enctype="application/x-www-form-urlencoded">
<cp-search-autocomplete class="push-bottom" path="/webassets/avalon/j/data.json" pfelement="" type="container"></cp-search-autocomplete>
<div> Or <a href="/support/cases/#/troubleshoot">troubleshoot an issue</a>. </div>
</form>Text Content
Note: Our personalized web services require that your browser be enabled for
JavaScript and cookies
Skip to navigation Skip to main content
UTILITIES
* Subscriptions
* Downloads
* Containers
* Support Cases
* Subscriptions
* Downloads
* Containers
* Support Cases
* Products & Services
PRODUCTS
SUPPORT
* Production Support
* Development Support
* Product Life Cycles
SERVICES
* Consulting
* Technical Account Management
* Training & Certifications
DOCUMENTATION
* Red Hat Enterprise Linux
* Red Hat JBoss Enterprise Application Platform
* Red Hat OpenStack Platform
* Red Hat OpenShift Container Platform
All Documentation
ECOSYSTEM CATALOG
* Red Hat in the Public Cloud
* Partner Resources
* Tools
TOOLS
* Troubleshoot a product issue
* Packages
* Errata
CUSTOMER PORTAL LABS
* Configuration
* Deployment
* Security
* Troubleshoot
All labs
RED HAT INSIGHTS
Increase visibility into IT operations to detect and resolve technical issues
before they impact your business.
Learn More
Go to Insights
* Security
RED HAT PRODUCT SECURITY CENTER
Engage with our Red Hat Product Security team, access security updates, and
ensure your environments are not exposed to any known security
vulnerabilities.
Product Security Center
SECURITY UPDATES
* Security Advisories
* Red Hat CVE Database
* Security Labs
Keep your systems secure with Red Hat's specialized responses to security
vulnerabilities.
View Responses
RESOURCES
* Security Blog
* Security Measurement
* Severity Ratings
* Backporting Policies
* Product Signing (GPG) Keys
* Community
CUSTOMER PORTAL COMMUNITY
* Discussions
* Private Groups
Community Activity
CUSTOMER EVENTS
* Red Hat Convergence
* Red Hat Summit
STORIES
* Red Hat Subscription Value
* You Asked. We Acted.
* Open Source Communities
Or troubleshoot an issue.
English
SELECT YOUR LANGUAGE
* English
* 한국어
* 日本語
* 中文 (中国)
Infrastructure and Management
* Red Hat Enterprise Linux
* Red Hat Virtualization
* Red Hat Identity Management
* Red Hat Directory Server
* Red Hat Certificate System
* Red Hat Satellite
* Red Hat Subscription Management
* Red Hat Update Infrastructure
* Red Hat Insights
* Red Hat Ansible Automation Platform
Cloud Computing
* Red Hat OpenShift
* Red Hat CloudForms
* Red Hat OpenStack Platform
* Red Hat OpenShift Container Platform
* Red Hat OpenShift Data Science
* Red Hat OpenShift Online
* Red Hat OpenShift Dedicated
* Red Hat Advanced Cluster Security for Kubernetes
* Red Hat Advanced Cluster Management for Kubernetes
* Red Hat Quay
* Red Hat CodeReady Workspaces
* Red Hat OpenShift Service on AWS
Storage
* Red Hat Gluster Storage
* Red Hat Hyperconverged Infrastructure
* Red Hat Ceph Storage
* Red Hat OpenShift Data Foundation
Runtimes
* Red Hat Runtimes
* Red Hat JBoss Enterprise Application Platform
* Red Hat Data Grid
* Red Hat JBoss Web Server
* Red Hat Single Sign On
* Red Hat support for Spring Boot
* Red Hat build of Node.js
* Red Hat build of Thorntail
* Red Hat build of Eclipse Vert.x
* Red Hat build of OpenJDK
* Red Hat build of Quarkus
* Red Hat CodeReady Studio
Integration and Automation
* Red Hat Integration
* Red Hat Fuse
* Red Hat AMQ
* Red Hat 3scale API Management
* Red Hat JBoss Data Virtualization
* Red Hat Process Automation
* Red Hat Process Automation Manager
* Red Hat Decision Manager
All Products
All Red Hat
Back to menu
* You are here
RED HAT
Learn about our open source products, services, and company.
* You are here
RED HAT CUSTOMER PORTAL
Get product support and knowledge from the open source experts.
* You are here
RED HAT DEVELOPER
Read developer tutorials and download Red Hat software for cloud application
development.
* You are here
RED HAT PARTNER CONNECT
Become a Red Hat partner and get support in building customer solutions.
--------------------------------------------------------------------------------
* PRODUCTS
* ANSIBLE.COM
Learn about and try our IT automation product.
* TRY, BUY, SELL
* RED HAT HYBRID CLOUD
Access technical how-tos, tutorials, and learning paths focused on Red
Hat’s hybrid cloud managed services.
* RED HAT STORE
Buy select Red Hat products and services online.
* RED HAT MARKETPLACE
Try, buy, sell, and manage certified enterprise software for
container-based environments.
* COMMUNITY & OPEN SOURCE
* THE ENTERPRISERS PROJECT
Read analysis and advice articles written by CIOs, for CIOs.
* OPENSOURCE.COM
Read articles on a range of topics about open source.
*
* RED HAT SUMMIT
Register for and learn about our annual open source IT industry event.
* RED HAT ECOSYSTEM CATALOG
Find hardware, software, and cloud providers―and download container
images―certified to perform with Red Hat technologies.
Red Hat Product Errata RHSA-2021:4409 - Security Advisory
Issued: 2021-11-09 Updated: 2021-11-09
RHSA-2021:4409 - SECURITY ADVISORY
* Overview
* Updated Packages
SYNOPSIS
Moderate: libgcrypt security and bug fix update
TYPE/SEVERITY
Security Advisory: Moderate
RED HAT INSIGHTS PATCH ANALYSIS
Identify and remediate systems affected by this advisory.
View affected systems
TOPIC
An update for libgcrypt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
DESCRIPTION
The libgcrypt library provides general-purpose implementations of various
cryptographic algorithms.
Security Fix(es):
* libgcrypt: mishandles ElGamal encryption because it lacks exponent blinding
to address a side-channel attack against mpi_powm (CVE-2021-33560)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise
Linux 8.5 Release Notes linked from the References section.
SOLUTION
For details on how to apply this update, which includes the changes described in
this advisory, refer to:
https://access.redhat.com/articles/11258
AFFECTED PRODUCTS
* Red Hat Enterprise Linux for x86_64 8 x86_64
* Red Hat Enterprise Linux for IBM z Systems 8 s390x
* Red Hat Enterprise Linux for Power, little endian 8 ppc64le
* Red Hat Enterprise Linux for ARM 64 8 aarch64
FIXES
* BZ - 1970096 - CVE-2021-33560 libgcrypt: mishandles ElGamal encryption
because it lacks exponent blinding to address a side-channel attack against
mpi_powm
* BZ - 1976137 - Enable hardware optimizations in FIPS mode
CVES
* CVE-2021-33560
REFERENCES
* https://access.redhat.com/security/updates/classification/#moderate
* https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/
Note: More recent versions of these packages may be available. Click a package
name for more details.
RED HAT ENTERPRISE LINUX FOR X86_64 8
SRPM libgcrypt-1.8.5-6.el8.src.rpm SHA-256:
80e846527ba0bdd23142da8021fb7067a76db97dfa8ceb210e84c59b25cedc7f x86_64
libgcrypt-1.8.5-6.el8.i686.rpm SHA-256:
7158264fc3b5dca38ff6a98a176c196a13ce479488ade3d90b0f06e63e2c411b
libgcrypt-1.8.5-6.el8.x86_64.rpm SHA-256:
9200b1ded4ac896b96afe0fa4fcb31e528362913bc0315d223faf75b4d60a0ac
libgcrypt-debuginfo-1.8.5-6.el8.i686.rpm SHA-256:
b82b99ab64a2b42b7ec1cd24328e203e21c34537de3ec100e8b72c967ed3f9b0
libgcrypt-debuginfo-1.8.5-6.el8.x86_64.rpm SHA-256:
49c571ccc7dcc0958de393198cf05918fba45eaedfc7e83f8a93819a9b9bd414
libgcrypt-debugsource-1.8.5-6.el8.i686.rpm SHA-256:
1cb42cc143a4f85c62877336c749c4c32d62ffefc66b36fb496cd38072ca63df
libgcrypt-debugsource-1.8.5-6.el8.x86_64.rpm SHA-256:
55b9bd3950838408e4b02b04d9602adeb34ae9b6410c1c4f4d56917af183959b
libgcrypt-devel-1.8.5-6.el8.i686.rpm SHA-256:
929cc906468b9db747614d20e6f705171080d237ec1ce4b16ced5875c1a8f82c
libgcrypt-devel-1.8.5-6.el8.x86_64.rpm SHA-256:
7747dda24ff16d69eb3b56a0e1bb43da9ac5b22884f3f2f619c0e8cadb9464a0
libgcrypt-devel-debuginfo-1.8.5-6.el8.i686.rpm SHA-256:
51c329bcf9f8feb47f2af0a1906f0ede18e82692ffcffb5bd745aa7631b06a38
libgcrypt-devel-debuginfo-1.8.5-6.el8.x86_64.rpm SHA-256:
b4fd9840e90a899076d93020dc134522100b349ab5905f1230f4d310cb9911ff
RED HAT ENTERPRISE LINUX FOR IBM Z SYSTEMS 8
SRPM libgcrypt-1.8.5-6.el8.src.rpm SHA-256:
80e846527ba0bdd23142da8021fb7067a76db97dfa8ceb210e84c59b25cedc7f s390x
libgcrypt-1.8.5-6.el8.s390x.rpm SHA-256:
1092fb8658d85bb915ea2db3c7a1ebf6830c256c86a691c0261fdbd4cb089db6
libgcrypt-debuginfo-1.8.5-6.el8.s390x.rpm SHA-256:
89c2239d04ffb020849110665b36de57f95d056932159d33522d8c701c5e7c85
libgcrypt-debugsource-1.8.5-6.el8.s390x.rpm SHA-256:
f476282c2de800e6de5d56f4090db5bcef5e33981003d404c18257b2517aeaf8
libgcrypt-devel-1.8.5-6.el8.s390x.rpm SHA-256:
417a17d6dd723b5b6e43364b7cdd86eec5e52d34e707682e691127167d64f452
libgcrypt-devel-debuginfo-1.8.5-6.el8.s390x.rpm SHA-256:
f6d85148ab8b52933e355b08f3b81b105cd74ca2ca48a70d36ff2273d62d982f
RED HAT ENTERPRISE LINUX FOR POWER, LITTLE ENDIAN 8
SRPM libgcrypt-1.8.5-6.el8.src.rpm SHA-256:
80e846527ba0bdd23142da8021fb7067a76db97dfa8ceb210e84c59b25cedc7f ppc64le
libgcrypt-1.8.5-6.el8.ppc64le.rpm SHA-256:
4e0265b0f4920b369ab07dc5c702b382689b79724f16e4951027735a3004fd53
libgcrypt-debuginfo-1.8.5-6.el8.ppc64le.rpm SHA-256:
eee7ccfc1d015b0281964963521550aa4be00e2d9a1190ef4e40e8de3a1833fd
libgcrypt-debugsource-1.8.5-6.el8.ppc64le.rpm SHA-256:
21676df388910d05719bac62d59f7d24f7b3039897a3b9c72cd04c9f03a6fef9
libgcrypt-devel-1.8.5-6.el8.ppc64le.rpm SHA-256:
0abbdd5b5e74f47a193928f817c0b5641fd9edfbf4d0049f3fe22b6833cab6bd
libgcrypt-devel-debuginfo-1.8.5-6.el8.ppc64le.rpm SHA-256:
498cd34ae10c2f896d4a1a2c291aaef0cc3f5c17a3470ca55b1bf609f4f4efc9
RED HAT ENTERPRISE LINUX FOR ARM 64 8
SRPM libgcrypt-1.8.5-6.el8.src.rpm SHA-256:
80e846527ba0bdd23142da8021fb7067a76db97dfa8ceb210e84c59b25cedc7f aarch64
libgcrypt-1.8.5-6.el8.aarch64.rpm SHA-256:
730e00f0848e693fe3538de6cbd420e8ccc294b36b0e11d3196e7ceac2977461
libgcrypt-debuginfo-1.8.5-6.el8.aarch64.rpm SHA-256:
7264aa40ef162b317db2458f5ffdaa25841dd8bbc95d24b76fe7b40c9f779ba3
libgcrypt-debugsource-1.8.5-6.el8.aarch64.rpm SHA-256:
8184a2ace93e1359f82ad4f7ac9586edb8315cab8f7c67f4f2fe4bf8366fbf63
libgcrypt-devel-1.8.5-6.el8.aarch64.rpm SHA-256:
6bae8dd74e98ebedd195983f4dba4b11b35727829c23317ad279456482255c56
libgcrypt-devel-debuginfo-1.8.5-6.el8.aarch64.rpm SHA-256:
5eab10177d012b2a724cb3d5e79281bfb9207903e6f5de0837e49ec794505033
The Red Hat security contact is secalert@redhat.com. More contact details at
https://access.redhat.com/security/team/contact/.
Red Hat
QUICK LINKS
* Downloads
* Subscriptions
* Support Cases
* Customer Service
* Product Documentation
HELP
* Contact Us
* Customer Portal FAQ
* Log-in Assistance
SITE INFO
* Trust Red Hat
* Browser Support Policy
* Accessibility
* Awards and Recognition
* Colophon
RELATED SITES
* redhat.com
* developers.redhat.com
* connect.redhat.com
* cloud.redhat.com
ABOUT
* Red Hat Subscription Value
* About Red Hat
* Red Hat Jobs
All systems operational
Copyright © 2022 Red Hat, Inc.
* Privacy Statement
* Customer Portal Terms of Use
* All Policies and Guidelines
* Cookie-Präferenzen
Twitter