File _patchinfo of Package patchinfo.41088
<patchinfo incident="41088">
<issue tracker="bnc" id="1233363">VUL-0: CVE-2024-28885: qatengine: Observable discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access.</issue>
<issue tracker="bnc" id="1233366">VUL-0: CVE-2024-33617: qatengine: insufficient control flow management may allow information disclosure via network access</issue>
<issue tracker="bnc" id="1233365">VUL-0: CVE-2024-31074: qatengine: observable timing discrepancy may allow information disclosure via network access</issue>
<issue tracker="cve" id="2024-28885"/>
<issue tracker="cve" id="2024-31074"/>
<issue tracker="cve" id="2024-33617"/>
<packager>duwe</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for qatengine, qatlib</summary>
<description>This update for qatengine, qatlib fixes the following issues:
Note that the 1.6.1 release included in 1.7.0 fixes the following
vulnerabilities:
* bsc#1233363 (CVE-2024-28885)
* bsc#1233365 (CVE-2024-31074)
* bsc#1233366 (CVE-2024-33617)
Update to 1.7.0:
* ipp-crypto name change to cryptography-primitives
* QAT_SW GCM memory leak fix in cleanup function
* Update limitation section in README for v1.7.0 release
* Fix build with OPENSSL_NO_ENGINE
* Fix for build issues with qatprovider in qatlib
* Bug fixes and README updates to v1.7.0
* Remove qat_contig_mem driver support
* Add support for building QAT Engine ENGINE and PROVIDER modules
with QuicTLS 3.x libraries
* Fix for DSA issue with openssl3.2
* Fix missing lower bounds check on index i
* Enabled SW Fallback support for FBSD
* Fix for segfault issue when SHIM config section is unavailable
* Fix for Coverity & Resource leak
* Fix for RSA failure with SVM enabled in openssl-3.2
* SM3 Memory Leak Issue Fix
* Fix qatprovider lib name issue with system openssl
Update to 1.6.0:
* Fix issue with make depend for QAT_SW
* QAT_HW GCM Memleak fix & bug fixes
* QAT2.0 FreeBSD14 intree driver support
* Fix OpenSSL 3.2 compatibility issues
* Optimize hex dump logging
* Clear job tlv on error
* QAT_HW RSA Encrypt and Decrypt provider support
* QAT_HW AES-CCM Provider support
* Add ECDH keymgmt support for provider
* Fix QAT_HW SM2 memory leak
* Enable qaeMemFreeNonZeroNUMA() for qatlib
* Fix polling issue for the process that doesn't have QAT_HW instance
* Fix SHA3 qctx initialization issue & potential memleak
* Fix compilation error in SM2 with qat_contig_mem
* Update year in copyright information to 2024
Update to 1.5.0:
* use new --enable-qat_insecure_algorithms to avoid regressions
* improve support for SM{2,3,4} ciphers
* improve SW fallback support
* many bug fixes, refactorisations and documentation updates
- update to 0.6.18:
* Fix address sanitizer issues
* Fix issues with Babassl & Openssl3.0
* Add QAT_HW SM4 CBC support
* Refactor ECX provider code into single file
* Fix QAT_HW AES-GCM bad mac record & memleak
* Fix SHA3 memory leak
* Fix sm4-cbc build error with system default OpenSSL
* Symmetric performance Optimization & memleak fixes
* Bug fix, README & v0.6.18 Version update
* Please refer README (Software requirements section) for dependent
libraries release version and other information.
- update to v0.6.17:
* Add security policy - c1a7a96
* Add dependancy update tool file - 522c41d
* Release v0.6.17 version update - c1a7a96
* Enable QAT_SW RSA & ECDSA support for BoringSSL - 1035e82
* Fix QAT_SW SM2 ECDSA Performance issue - f44a564
* CPP check and Makefile Bug fixes - 98ccbe8
* Fix buffer overflow issue with SHA3 and ECX - cab65f3
* Update version and README for v0.6.16 - 1c95fd7
* Split --with-qat_sw_install_dir into seperate configures - d5f5656
* Add seperate err files for Boringssl - 1a09627
* Fix QAT_HW & QAT_SW AES-GCM issue with s_server in provider - c775f5c
* Fix issue with disable flags in provider - 2e00636
* Fix coredump issue in provider with qat_sw gcm - 6703c13
* Fix err files regeneration failure - 510f3dc
* Add Provider Support for ChachaPoly and SM2 - a98e51d
* Bug Fixes in testapp and with disable flags. - 0945535
* QAT HW&SW Co-existence dynamic mechanism support. - 5baf5aa
* Fix issue with SIGUSR1 during reload. - 00ea833
* Refactor qat_hw instances based on Sym/Asym capabilities. - bb10128
* Replace deprecated pthread_yield with sched_yield. - d514406
* BoringSSL support for RSA and ECDSA. - 41c67c7
* Fix s_server lseek forever issue with qatprovider. - cb3db21
* Fix aes-cbc failure issue in testapp. - a530427
* Fix glibc version test - 2461966
* Fix issue with generator param and ECDSA verify. - c51fc17
* Provider Support for DSA, DH, HKDF, PRF, SHA3 & aes-cbc - 7cc5eb9
* Fix testapp issues and optimization - e7c2ba8
* Optimize setup and clear async event notification - 573fe48
* Fix Nginx worker process core dump in QAT_SW with pkill/killall -
4eb4473
* Add Cofactor to take optimized path in ECDH API - 9a23c7e
* Fix double free issue with QAT_SW - 1a16708
* Add thread mapping to specific QAT_HW instance - 5ee799a
* OpenSSL 3.0 Provider Support - 38086fa
* Update README and version to v0.6.12 - dca2957
* Fixed worker process hung forever after nginx reload - bfe97aa
* Remove OpenSSL 1.1.0 Support - da8682a
* Add QAT_SW SM2 ECDH & SM3 support - 04a6af2
* QAT_SW ECDSA SM2 sign and verify Support - d44ae7e
* Disable SM3, Bug fixes, Readme & version update - d995046
qatlib was updated to:
Update to 24.09.0:
* Improved performance scaling in multi-thread applications
* Set core affinity mapping based on NUMA
(libnuma now required for building)
* bug fixes, see https://github.com/intel/qatlib#resolved-issues
Version update to 24.02.0
* Support DC NS (NoSession) APIs
* Support Symmetric Crypto SM3 & SM4
* Support Asymmetric Crypto SM2
* Support DC CompressBound APIs
* Bug Fixes. See Resolved section in README.md
Update to 23.11.0:
* use new --enable-legacy-algorithms to avoid regressions
* add support for data compression chaining (hash then compress)
* add support for additional configuration profiles
* add support DC NS (NoSession) APIs
* add support DC CompressBound APIs
* add Support for Chinese SM{2,3,4} ciphers
* bump shared library major to 4
* refactoring, bug fixes and documentation updates
Update to 22.07.2:
* Changed from yasm to nasm for assembly compilation
* Added configuration option to use C implementation of soft CRC
implementation instead of asm
* Added support for pkg-config
* Added missing lock around accesses to some global data in qatmgr
* Fix for QATE-86605 – improve error checking on size param used by qatmgr
debug function.
* Fix for issue #10
* Fixed link to Programmer's Guide
* Added support for Compression LZ4 and LZ4s algorithms
* Added support for Compression end-to-end integrity checks
* Added support for PKE Generic Point Multiply APIs
* Added support for CPM2.0b
* Updated library to support new version of QAT APIs
* Updated qat service to allow compression only and crypto only
configurations
* Created qatlib-tests rpm package
* Added option to configure script to skip building sample code
</description>
</patchinfo>
