SUSE-SU-2024:2298-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2024/suse-su-20242298-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:2298-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2024:2298-1
Related
Published
2024-07-04T07:08:40Z
Modified
2024-07-04T07:08:40Z
Summary
Security update for openCryptoki
Details

This update for openCryptoki fixes the following issues:

openCryptoki was updated to version to 3.17.0 (bsc#1220266, bsc#1219217)

  • openCryptoki 3.17

    • tools: added function to list keys to p11sak
    • common: added support for OpenSSL 3.0
    • common: added support for event notifications
    • ICA: added SW fallbacks

  • openCryptoki 3.16

    • EP11: protected-key option
    • EP11: support attribute-bound keys
    • CCA: import and export of secure key objects
    • Bug fixes

  • openCryptoki 3.15.1

    • Bug fixes

  • openCryptoki 3.15

    • common: conform to PKCS 11 3.0 Baseline Provider profile
    • Introduce new vendor defined interface named 'Vendor IBM'
    • Support CIBMReencryptSingle via 'Vendor IBM' interface
    • CCA: support key wrapping
    • SOFT: support ECC
    • p11sak tool: add remove-key command
    • Bug fixes

  • openCryptoki 3.14

    • EP11: Dilitium support stage 2
    • Common: Rework on process and thread locking
    • Common: Rework on btree and object locking
    • ICSF: minor fixes
    • TPM, ICA, ICSF: support multiple token instances
    • new tool p11sak

  • openCryptoki 3.13.0

    • EP11: Dilithium support
    • EP11: EdDSA support
    • EP11: support RSA-OAEP with non-SHA1 hash and MGF

  • openCryptoki 3.12.1

    • Fix pkcsep11_migrate tool

  • openCryptoki 3.12.0

    • Update token pin and data store encryption for soft,ica,cca and ep11
    • EP11: Allow importing of compressed EC public keys
    • EP11: Add support for the CMAC mechanisms
    • EP11: Add support for the IBM-SHA3 mechanisms
    • SOFT: Add AES-CMAC and 3DES-CMAC support to the soft token
    • ICA: Add AES-CMAC and 3DES-CMAC support to the ICA token
    • EP11: Add config option USE_PRANDOM
    • CCA: Use Random Number Generate Long for tokenspecificrng()
    • Common rng function: Prefer /dev/prandom over /dev/urandom
    • ICA: add SHA*RSAPKCS_PSS mechanisms
    • Bug fixes
References

Affected packages

SUSE:Linux Enterprise Software Development Kit 12 SP5 / openCryptoki

Package

Name
openCryptoki
Purl
pkg:rpm/suse/openCryptoki&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.17.0-5.9.2

Ecosystem specific 

{
    "binaries": [
        {
            "openCryptoki-devel": "3.17.0-5.9.2"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / openCryptoki

Package

Name
openCryptoki
Purl
pkg:rpm/suse/openCryptoki&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.17.0-5.9.2

Ecosystem specific 

{
    "binaries": [
        {
            "openCryptoki-32bit": "3.17.0-5.9.2",
            "openCryptoki-64bit": "3.17.0-5.9.2",
            "openCryptoki": "3.17.0-5.9.2"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / openCryptoki

Package

Name
openCryptoki
Purl
pkg:rpm/suse/openCryptoki&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.17.0-5.9.2

Ecosystem specific 

{
    "binaries": [
        {
            "openCryptoki-32bit": "3.17.0-5.9.2",
            "openCryptoki-64bit": "3.17.0-5.9.2",
            "openCryptoki": "3.17.0-5.9.2"
        }
    ]
}