This update for openCryptoki fixes the following issues
Upgrade openCryptoki to version 3.27 (jsc#PED-14609):
* Add base support for PKCS#11 v3.2.
* Add support for PKCS#11 v3.2 C_VerifySignature[Init|Update|Final].
* Add support for PKCS#11 v3.2 C_EncapsulateKey/C_DecapsulateKey.
* Soft/ICA/CCA/EP11: Add support for PKCS#11 v3.2 en-/decapsulate with RSA-PKCS and RSA-OAEP mechanisms.
* Soft/ICA/CCA/EP11: Add support for PKCS#11 v3.2 en-/decapsulate with the ECDH mechanism.
* Soft/EP11: Add support for PKCS#11 v3.2 en-/decapsulate with the DH-PKCS mechanism.
* Soft: Add support for PKCS#11 v3.2 ML-DSA and ML-KEM key types and mechanisms (requires OpenSSL 3.5 or later, or
the OQS-provider must be configured).
* CCA: Add support for PKCS#11 v3.2 ML-DSA key type and mechanisms (requires CCA v8.4 or later)
* EP11: Add support for PKCS#11 v3.2 ML-DSA and ML-KEM key types and mechanisms (requires an EP11 host library v4.2 or later,
and a CEX8P crypto card with firmware v9.6 or...
Read the Full Advisory- openSUSE Leap 16.0:
openCryptoki-3.27.0-160000.1.1
openCryptoki-64bit-3.27.0-160000.1.1
openCryptoki-devel-3.27.0-160000.1.1
* bsc#1268745
References:
* https://www.suse.com/security/cve/CVE-2026-22791.html
* https://www.suse.com/security/cve/CVE-2026-23893.html
* https://www.suse.com/security/cve/CVE-2026-40253.html
Get the latest Linux and open source security news straight to your inbox.