--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-33f8ebd09c
2021-09-02 23:45:36.565238
--------------------------------------------------------------------------------

Name        : opencryptoki
Product     : Fedora 34
Version     : 3.16.0
Release     : 2.fc34
URL         : https://github.com/opencryptoki/opencryptoki
Summary     : Implementation of the PKCS#11 (Cryptoki) specification v2.11
Description :
Opencryptoki implements the PKCS#11 specification v2.11 for a set of
cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the
Trusted Platform Module (TPM) chip. Opencryptoki also brings a software
token implementation that can be used without any cryptographic
hardware.
This package contains the Slot Daemon (pkcsslotd) and general utilities.

--------------------------------------------------------------------------------
Update Information:

When constructing an OpenSSL EC public or private key from PKCS#11 attributes or
ECDH public data, check that the key is valid, i.e. that the point is on the
curve. This prevents one from creating an EC key object via C_CreateObject with
invalid key data. It also prevents C_DeriveKey from deriving a secret using
ECDH with an EC public key (public data) that uses a different curve or is
invalid by other means. The problem is fixed in opencryptoki-3.16.0-2.
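
The on-curve check described above, as an added example that is not part of
the original advisory and is not opencryptoki's code (the package performs the
check in C through OpenSSL). It assumes NIST P-256 and an uncompressed SEC1
point; all function and variable names are hypothetical.

```python
# Added example (not opencryptoki code): validate P-256 ECDH public data.
# Constants are the standard secp256r1 domain parameters.
P = 0xFFFFFFFF_00000001_00000000_00000000_00000000_FFFFFFFF_FFFFFFFF_FFFFFFFF
A = P - 3
B = 0x5AC635D8_AA3A93E7_B3EBBD55_769886BC_651D06B0_CC53B0F6_3BCE3C3E_27D2604B
GX = 0x6B17D1F2_E12C4247_F8BCE6E5_63A440F2_77037D81_2DEB33A0_F4A13945_D898C296
GY = 0x4FE342E2_FE1A7F9B_8EE7EB4A_7C0F9E16_2BCE3357_6B315ECE_CBB64068_37BF51F5
FIELD_LEN = 32  # bytes per coordinate

class InvalidPoint(ValueError):
    """Raised when public data does not encode a valid P-256 point."""

def encode_point(x, y):
    """Uncompressed SEC1 encoding: 0x04 || X || Y."""
    return b"\x04" + x.to_bytes(FIELD_LEN, "big") + y.to_bytes(FIELD_LEN, "big")

def parse_and_validate_point(ec_point):
    """Return (x, y) if ec_point is a valid uncompressed P-256 point."""
    # The point at infinity has no 0x04 encoding, so this check excludes it.
    if len(ec_point) != 1 + 2 * FIELD_LEN or ec_point[0] != 0x04:
        raise InvalidPoint("not an uncompressed P-256 point")
    x = int.from_bytes(ec_point[1:1 + FIELD_LEN], "big")
    y = int.from_bytes(ec_point[1 + FIELD_LEN:], "big")
    if x >= P or y >= P:
        raise InvalidPoint("coordinate out of field range")
    # Curve equation y^2 = x^3 + a*x + b (mod p). P-256 has cofactor 1, so a
    # point that satisfies it is also in the correct group.
    if (y * y - (x * x * x + A * x + B)) % P != 0:
        raise InvalidPoint("point is not on the curve")
    return x, y

def is_valid(ec_point):
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        parse_and_validate_point(ec_point)
        return True
    except InvalidPoint:
        return False

# Constructed sample inputs.
VALID = encode_point(GX, GY)                # the P-256 base point
OFF_CURVE = encode_point(GX, (GY + 1) % P)  # same x, altered y
# Base point of secp256k1: well formed, but it belongs to a different curve.
OTHER_CURVE = encode_point(
    0x79BE667E_F9DCBBAC_55A06295_CE870B07_029BFCDB_2DCE28D9_59F2815B_16F81798,
    0x483ADA77_26A3C465_5DA4FBFC_0E1108A8_FD17B448_A6855419_9C47D08F_FB10D4B8)
```

A derive routine would call parse_and_validate_point() on the peer's public
data and abort before any scalar multiplication if InvalidPoint is raised.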
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 24 2021 Than Ngo - 3.16.0-2
- Fixed bz#1990592, allows invalid curve attacks via a specially crafted key
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1990591 - opencryptoki: allows invalid curve attacks via a specially crafted key
        https://bugzilla.redhat.com/show_bug.cgi?id=1990591
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-33f8ebd09c' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------