Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Mageia: 2021-0492 Moderate: Opencryptoki Invalid Curve Attack

mageia
Calendar Grey October 27, 2021
Dist Mageia Esm H88
OpenCryptoki upgrade mitigates EC key management issue enabling possible flawed curve exploitation. Discover further insights for specifics.
It was discovered that openCryptoki incorrectly handled certain EC keys

Summary

It was discovered that openCryptoki incorrectly handled certain EC keys. An attacker could possibly use this issue to cause a invalid curve attack. References: - https://bugs.mageia.org/show_bug.cgi?id=29328

References

- https://bugs.mageia.org/show_bug.cgi?id=29328

- https://ubuntu.com/security/notices/USN-5031-1

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FLP3UNIVGYENSFGVADMQ2IYP4A3TDYJC/

Resolution

SRPMS

- 8/core/opencryptoki-3.15.1-1.1.mga8

Publication date: 27 Oct 2021
URL: https://advisories.mageia.org/MGASA-2021-0492.html
Type: security

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here