opencryptoki-3.21.0-9.el9_3.ML.1

エラータID: AXSA:2024-7597:01

Release date: 
Tuesday, March 12, 2024 - 13:29
Subject: 
opencryptoki-3.21.0-9.el9_3.ML.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The opencryptoki packages contain version 2.11 of the PKCS#11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These packages includes support for the IBM 4758 Cryptographic CoProcessor (with the PKCS#11 firmware loaded), the IBM eServer Cryptographic Accelerator (FC 4960 on IBM eServer System p), the IBM Crypto Express2 (FC 0863 or FC 0870 on IBM System z), and the IBM CP Assist for Cryptographic Function (FC 3863 on IBM System z). The opencryptoki packages also bring a software token implementation that can be used without any cryptographic hardware. These packages contain the Slot Daemon (pkcsslotd) and general utilities.

Security Fix(es):

* opencryptoki: timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin) (CVE-2024-0914)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-0914
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.

Solution: 

Update packages.

CVEs: 
CVE-2024-0914
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.
Additional Info: 

N/A

Download: 

SRPMS
  1. opencryptoki-3.21.0-9.el9_3.ML.1.src.rpm
    MD5: b6cb65dccc0f216145ac81eefe85e501
    SHA-256: ba289a902185c0ce9c9b6b7f45dfd4c42c1a4dce24af2598e0b6a7b59b894366
    Size: 1.74 MB

Asianux Server 9 for x86_64
  1. opencryptoki-3.21.0-9.el9_3.ML.1.x86_64.rpm
    MD5: 2f9833b5d7a18f1b6a2dd3f319d7302f
    SHA-256: cded72c20f3cbd48a1a11fa88e6d45b542c08eb26973ed9c1fb19d441a47267b
    Size: 202.48 kB
  2. opencryptoki-devel-3.21.0-9.el9_3.ML.1.i686.rpm
    MD5: 3533c2c5740a46a5eb8ae40f5769ff96
    SHA-256: bc14fd964e384e1e01d255d7d1ae4776b7ce66880e340e908796fa690f551b1a
    Size: 26.85 kB
  3. opencryptoki-devel-3.21.0-9.el9_3.ML.1.x86_64.rpm
    MD5: 22e9a525c3e5d77e2b80bde151c2f955
    SHA-256: 0892cb4a4eab9aac8c75cc9abadee96e9d500821989f23f7115fef370851518a
    Size: 26.83 kB
  4. opencryptoki-icsftok-3.21.0-9.el9_3.ML.1.x86_64.rpm
    MD5: e28bac86c432a2165c8a6ca9a485bdec
    SHA-256: 0b18301b7fd7c8bbdbfd1df29467a208689e346bcbe0599640230d927d85509e
    Size: 145.71 kB
  5. opencryptoki-libs-3.21.0-9.el9_3.ML.1.i686.rpm
    MD5: 7b6d972dacc358b71752fdb62428bf9e
    SHA-256: 318e0bb6e514f60f43bc949126408efe431b594cccaf83f9f3f9783df7d41d7f
    Size: 82.63 kB
  6. opencryptoki-libs-3.21.0-9.el9_3.ML.1.x86_64.rpm
    MD5: 0eb47f09e9c95afeefbcaf484c310607
    SHA-256: ef667fcaea9084a1c47f5c79a2ddf6cc8059db69b59735eb3c3e68db20962c95
    Size: 86.34 kB
  7. opencryptoki-swtok-3.21.0-9.el9_3.ML.1.x86_64.rpm
    MD5: 4a98e3ad5ea4de2bd58d105e8318565c
    SHA-256: 68099d22f7327b76f30e6621e52a7b48b6db287918f4b16c8ab20885373b58c1
    Size: 230.42 kB