File _patchinfo of Package patchinfo.32966
<patchinfo incident="32966"> <issue tracker="jsc" id="PED-3361"/> <issue tracker="jsc" id="PED-3360"/> <issue tracker="bnc" id="1219217">VUL-0: CVE-2024-0914: openCryptoki: timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin)</issue> <issue tracker="cve" id="2024-0914"></issue> <packager>ngueorguiev</packager> <rating>moderate</rating> <category>security</category> <summary>Security update for openCryptoki</summary> <description>This update for openCryptoki fixes the following issues: Upgrade openCryptoki to version 3.23 (jsc#PED-3360, jsc#PED-3361) * EP11: Add support for FIPS-session mode * CVE-2024-0914: Updates to harden against RSA timing attacks (bsc#1219217) * Bug fixes - provide user(pkcs11) and group(pkcs11) Upgrade to version 3.22 (jsc#PED-3361) - CCA: Add support for the AES-XTS key type using CPACF protected keys - p11sak: Add support for managing certificate objects - p11sak: Add support for public sessions (no-login option) - p11sak: Add support for logging in as SO (security Officer) - p11sak: Add support for importing/exporting Edwards and Montgomery keys - p11sak: Add support for importing of RSA-PSS keys and certificates - CCA/EP11/Soft/ICA: Ensure that the 2 key parts of an AES-XTS key are different Update to version 3.21 (jsc#PED-3360, jsc#PED-3361) - EP11 and CCA: Support concurrent HSM master key changes - CCA: protected-key option - pkcsslotd: no longer run as root user and further hardening - p11sak: Add support for additional key types (DH, DSA, generic secret) - p11sak: Allow wildcards in label filter - p11sak: Allow to specify hex value for CKA_ID attribute - p11sak: Support sorting when listing keys - p11sak: New commands: set-key-attr, copy-key to modify and copy keys - p11sak: New commands: import-key, export-key to import and export keys - Remove support for --disable-locks (transactional memory) - Updates to harden against RSA timing attacks - Bug fixes </description> </patchinfo>
