Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

openSUSE Leap 15.5 SUSE-SU-2024:1447-1 Moderate: OpenCryptoki Security Fix

suse
Calendar Grey April 26, 2024
Dist Suse Esm H88
OpenCryptoki security enhancement release for SUSE classified as moderate urgency. Contains remedies and improvements addressing security vulnerabilities.
* bsc#1219217 * jsc#PED-3360 * jsc#PED-3361 Cross-References:

Summary

## This update for openCryptoki fixes the following issues: Upgrade openCryptoki to version 3.23 (jsc#PED-3360, jsc#PED-3361) * EP11: Add support for FIPS-session mode * CVE-2024-0914: Updates to harden against RSA timing attacks (bsc#1219217) * Bug fixes * provide user(pkcs11) and group(pkcs11) Upgrade to version 3.22 (jsc#PED-3361) * CCA: Add support for the AES-XTS key type using CPACF protected keys * p11sak: Add support for managing certificate objects * p11sak: Add support for public sessions (no-login option) * p11sak: Add support for logging in as SO (security Officer) * p11sak: Add support for importing/exporting Edwards and Montgomery keys * p11sak: Add support for importing of RSA-PSS keys and certificates * CCA/EP11/Soft/ICA: Ensure that the 2 key parts of an AES-XTS key are different

Topics%20covered

Topics Covered

security advisory update security fix moderate severity timing attack openSUSE Leap openCryptoki

References

* bsc#1219217

* jsc#PED-3360

* jsc#PED-3361

Cross-

* CVE-2024-0914

CVSS scores:

* CVE-2024-0914 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2024-0914 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.5

* Server Applications Module 15-SP5

* SUSE Linux Enterprise High Performance Computing 15 SP5

* SUSE Linux Enterprise Micro 5.5

* SUSE Linux Enterprise Real Time 15 SP5

* SUSE Linux Enterprise Server 15 SP5

* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability and contains two features can now be

installed.

##

* https://www.suse.com/security/cve/CVE-2024-0914.html

* https://bugzilla.suse.com/show_bug.cgi?id=1219217

Announcement ID: SUSE-SU-2024:1447-1
Rating: moderate

Topics%20covered

Topics Covered

security advisory update security fix moderate severity timing attack openSUSE Leap openCryptoki

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here