opencryptoki-3.21.0-10.el8_9.ML.1

エラータID: AXSA:2024-7646:02

Release date: 
Thursday, April 4, 2024 - 13:30
Subject: 
opencryptoki-3.21.0-10.el8_9.ML.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The opencryptoki packages contain version 2.11 of the PKCS#11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These packages includes support for the IBM 4758 Cryptographic CoProcessor (with the PKCS#11 firmware loaded), the IBM eServer Cryptographic Accelerator (FC 4960 on IBM eServer System p), the IBM Crypto Express2 (FC 0863 or FC 0870 on IBM System z), and the IBM CP Assist for Cryptographic Function (FC 3863 on IBM System z). The opencryptoki packages also bring a software token implementation that can be used without any cryptographic hardware. These packages contain the Slot Daemon (pkcsslotd) and general utilities.

Security Fix(es):

* opencryptoki: timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin) (CVE-2024-0914)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-0914
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.

Solution: 

Update packages.

CVEs: 
CVE-2024-0914
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.
Additional Info: 

N/A

Download: 

SRPMS
  1. opencryptoki-3.21.0-10.el8_9.ML.1.src.rpm
    MD5: 34dfacf556fb024e2753e8975a9dcc32
    SHA-256: d94cfd0e6728fcc85ab7993e82ec12f3d0e06c13b9f63ec2535256664945e941
    Size: 1.75 MB

Asianux Server 8 for x86_64
  1. opencryptoki-3.21.0-10.el8_9.ML.1.x86_64.rpm
    MD5: 8f9042761e2299a7f1234e034536a2e0
    SHA-256: 638a8475837a7b2e0de7ecde33bb91da10f3b077a40c662aef4deec5e5549743
    Size: 218.38 kB
  2. opencryptoki-devel-3.21.0-10.el8_9.ML.1.i686.rpm
    MD5: 864bb12e6336f24d0ccdc113a1f35fa0
    SHA-256: 2aed5b1eb6f6fb503a34023f963394c8bed3e1f3b58465e1af218a3805f91174
    Size: 38.39 kB
  3. opencryptoki-devel-3.21.0-10.el8_9.ML.1.x86_64.rpm
    MD5: 42b8d85ef324f8388a0abf0cea4d0fb9
    SHA-256: b10d936dbb380782b6b07db340a57504798719f1ba740ab0ff423e3822a700db
    Size: 38.35 kB
  4. opencryptoki-icsftok-3.21.0-10.el8_9.ML.1.x86_64.rpm
    MD5: cecf4c3180888349a508e7b241df5d16
    SHA-256: cc746d730c59c88414553dbc34878bf249b0ed3bde5110cd44e05229ddb0f681
    Size: 344.32 kB
  5. opencryptoki-libs-3.21.0-10.el8_9.ML.1.i686.rpm
    MD5: 042d618b3cd7c30a416e2030e9f1ecc2
    SHA-256: 3a9f585b7a548088ad59aeeba61cd724752ec27386896558418e95eca6abd493
    Size: 97.82 kB
  6. opencryptoki-libs-3.21.0-10.el8_9.ML.1.x86_64.rpm
    MD5: 3195c739e3eed6e895f9c8f2655d1943
    SHA-256: bc665c1e458b453eaae82bd8b30ee903ffdf0b3ab4273c5c5475c6e1ba33b4ad
    Size: 100.68 kB
  7. opencryptoki-swtok-3.21.0-10.el8_9.ML.1.x86_64.rpm
    MD5: 893fac9746d5569625e783145557d854
    SHA-256: 412435a0d89a2779a08b52a8046532a15a36681978df49630c5f2b6216a2f329
    Size: 264.02 kB
  8. opencryptoki-tpmtok-3.21.0-10.el8_9.ML.1.x86_64.rpm
    MD5: 633a1ad120e7fa478ddb5fdd80878283
    SHA-256: 105f4cf112ff8a75cd2a421ccf56fe6b665fe1ae09247a321c121a5e9995341a
    Size: 280.30 kB