File _patchinfo of Package patchinfo.41074
<patchinfo incident="41074">
<issue tracker="bnc" id="1233366">VUL-0: CVE-2024-33617: qatengine: insufficient control flow management may allow information disclosure via network access</issue>
<issue tracker="bnc" id="1233365">VUL-0: CVE-2024-31074: qatengine: observable timing discrepancy may allow information disclosure via network access</issue>
<issue tracker="bnc" id="1233363">VUL-0: CVE-2024-28885: qatengine: Observable discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access.</issue>
<issue tracker="cve" id="2024-28885"/>
<issue tracker="cve" id="2024-33617"/>
<issue tracker="cve" id="2024-31074"/>
<packager>duwe</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for qatengine, qatlib</summary>
<description>This update for qatengine, qatlib fixes the following issues:
Note that the 1.6.1 release included in 1.7.0 fixes the following
vulnerabilities:
* bsc#1233363 (CVE-2024-28885)
* bsc#1233365 (CVE-2024-31074)
* bsc#1233366 (CVE-2024-33617)
Update to 1.7.0:
* ipp-crypto name change to cryptography-primitives
* QAT_SW GCM memory leak fix in cleanup function
* Update limitation section in README for v1.7.0 release
* Fix build with OPENSSL_NO_ENGINE
* Fix for build issues with qatprovider in qatlib
* Bug fixes and README updates to v1.7.0
* Remove qat_contig_mem driver support
* Add support for building QAT Engine ENGINE and PROVIDER modules
with QuicTLS 3.x libraries
* Fix for DSA issue with openssl3.2
* Fix missing lower bounds check on index i
* Enabled SW Fallback support for FBSD
* Fix for segfault issue when SHIM config section is unavailable
* Fix for Coverity &amp; Resource leak
* Fix for RSA failure with SVM enabled in openssl-3.2
* SM3 Memory Leak Issue Fix
* Fix qatprovider lib name issue with system openssl
Update to 1.6.0:
* Fix issue with make depend for QAT_SW
* QAT_HW GCM Memleak fix & bug fixes
* QAT2.0 FreeBSD14 intree driver support
* Fix OpenSSL 3.2 compatibility issues
* Optimize hex dump logging
* Clear job tlv on error
* QAT_HW RSA Encrypt and Decrypt provider support
* QAT_HW AES-CCM Provider support
* Add ECDH keymgmt support for provider
* Fix QAT_HW SM2 memory leak
* Enable qaeMemFreeNonZeroNUMA() for qatlib
* Fix polling issue for the process that doesn't have QAT_HW instance
* Fix SHA3 qctx initialization issue & potential memleak
* Fix compilation error in SM2 with qat_contig_mem
* Update year in copyright information to 2024
Update to 1.5.0:
* use new --enable-qat_insecure_algorithms to avoid regressions
* improve support for SM{2,3,4} ciphers
* improve SW fallback support
* many bug fixes, refactorisations and documentation updates
qatlib was updated to 24.09.0:
* Improved performance scaling in multi-thread applications
* Set core affinity mapping based on NUMA
(libnuma now required for building)
* bug fixes, see https://github.com/intel/qatlib#resolved-issues
version update to 24.02.0:
* Support DC NS (NoSession) APIs
* Support Symmetric Crypto SM3 &amp; SM4
* Support Asymmetric Crypto SM2
* Support DC CompressBound APIs
* Bug Fixes. See Resolved section in README.md
update to 23.11.0:
* use new --enable-legacy-algorithms to avoid regressions
* add support for data compression chaining (hash then compress)
* add support for additional configuration profiles
* add support DC NS (NoSession) APIs
* add support DC CompressBound APIs
* add Support for Chinese SM{2,3,4} ciphers
* bump shared library major to 4
* refactoring, bug fixes and documentation updates
</description>
</patchinfo>