SUSE-SU-2024:2298-1: moderate: Security update for openCryptoki
SLE-UPDATES
null at suse.de
Thu Jul 4 08:30:04 UTC 2024
# Security update for openCryptoki
Announcement ID: SUSE-SU-2024:2298-1
Rating: moderate
References:
* bsc#1219217
* bsc#1220266
Cross-References:
* CVE-2024-0914
CVSS scores:
* CVE-2024-0914 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-0914 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
An update that solves one vulnerability and has one security fix can now be
installed.
## Description:
This update for openCryptoki fixes the following issues:
openCryptoki was updated to version to 3.17.0 (bsc#1220266, bsc#1219217)
* openCryptoki 3.17
* tools: added function to list keys to p11sak
* common: added support for OpenSSL 3.0
* common: added support for event notifications
* ICA: added SW fallbacks
* openCryptoki 3.16
* EP11: protected-key option
* EP11: support attribute-bound keys
* CCA: import and export of secure key objects
* Bug fixes
* openCryptoki 3.15.1
* Bug fixes
* openCryptoki 3.15
* common: conform to PKCS 11 3.0 Baseline Provider profile
* Introduce new vendor defined interface named "Vendor IBM"
* Support C_IBM_ReencryptSingle via "Vendor IBM" interface
* CCA: support key wrapping
* SOFT: support ECC
* p11sak tool: add remove-key command
* Bug fixes
* openCryptoki 3.14
* EP11: Dilitium support stage 2
* Common: Rework on process and thread locking
* Common: Rework on btree and object locking
* ICSF: minor fixes
* TPM, ICA, ICSF: support multiple token instances
* new tool p11sak
* openCryptoki 3.13.0
* EP11: Dilithium support
* EP11: EdDSA support
* EP11: support RSA-OAEP with non-SHA1 hash and MGF
* openCryptoki 3.12.1
* Fix pkcsep11_migrate tool
* openCryptoki 3.12.0
* Update token pin and data store encryption for soft,ica,cca and ep11
* EP11: Allow importing of compressed EC public keys
* EP11: Add support for the CMAC mechanisms
* EP11: Add support for the IBM-SHA3 mechanisms
* SOFT: Add AES-CMAC and 3DES-CMAC support to the soft token
* ICA: Add AES-CMAC and 3DES-CMAC support to the ICA token
* EP11: Add config option USE_PRANDOM
* CCA: Use Random Number Generate Long for token_specific_rng()
* Common rng function: Prefer /dev/prandom over /dev/urandom
* ICA: add SHA*_RSA_PKCS_PSS mechanisms
* Bug fixes
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Software Development Kit 12 SP5
zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-2298=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-2298=1
* SUSE Linux Enterprise Server 12 SP5
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-2298=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-2298=1
## Package List:
* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x
x86_64)
* openCryptoki-debugsource-3.17.0-5.9.2
* openCryptoki-devel-3.17.0-5.9.2
* openCryptoki-debuginfo-3.17.0-5.9.2
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
* openCryptoki-debugsource-3.17.0-5.9.2
* openCryptoki-debuginfo-3.17.0-5.9.2
* openCryptoki-3.17.0-5.9.2
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
* openCryptoki-64bit-3.17.0-5.9.2
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
* openCryptoki-debugsource-3.17.0-5.9.2
* openCryptoki-debuginfo-3.17.0-5.9.2
* openCryptoki-3.17.0-5.9.2
* SUSE Linux Enterprise Server 12 SP5 (ppc64le s390x x86_64)
* openCryptoki-64bit-3.17.0-5.9.2
* SUSE Linux Enterprise Server 12 SP5 (s390)
* openCryptoki-32bit-3.17.0-5.9.2
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
* openCryptoki-debugsource-3.17.0-5.9.2
* openCryptoki-64bit-3.17.0-5.9.2
* openCryptoki-debuginfo-3.17.0-5.9.2
* openCryptoki-3.17.0-5.9.2
## References:
* https://www.suse.com/security/cve/CVE-2024-0914.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219217
* https://bugzilla.suse.com/show_bug.cgi?id=1220266
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20240704/ee51dfcf/attachment.htm>
More information about the sle-updates
mailing list