This update for openCryptoki fixes the following issues:
Security issue:
- CVE-2026-40253: Updated fix for malformed BER-encoded cryptographic objects (bsc#1262283).
Non-security issue:
- Refactored .spec file to fully support transactional and immutable operating systems (jsc#PED-14609):
  * Migrated user and group creation (pkcs11, pkcsslotd) from imperative %pre shell commands to declarative systemd-sysusers configuration.
  * Replaced manual /var directory tracking and %ghost directives with comprehensive systemd-tmpfiles configurations.
  * Implemented dynamic, architecture-specific tmpfiles.d generation to properly provision hardware-specific token directories (e.g., ccatok, ep11tok, lite, and HSM_MK_CHANGE).
    - Fixed permissions for /run/opencryptoki within tmpfiles.d to ensure the daemon can successfully drop privileges and bind its communication socket.
  * Moved 32-bit and 64-bit shared library symlink creation (such as PKCS11_API.so, stdll, and methods) from %post...
- openSUSE Leap 16.0:
  openCryptoki-3.26.0-160000.2.1
  openCryptoki-64bit-3.26.0-160000.2.1
  openCryptoki-devel-3.26.0-160000.2.1
References:
* https://www.suse.com/security/cve/CVE-2026-40253.html
* bsc#1262283
* bsc#1263819