
9 matches found

OSV
added 2026/04/28 10:44 a.m. | 3 views

SUSE-SU-2026:21419-1 Security update for openCryptoki

This update for openCryptoki fixes the following issues:
- CVE-2026-23893: use of symlinks in group-writable token directories can lead to privilege escalation and data exposure bsc1257116.
- CVE-2026-40253: malformed BER-encoded cryptographic objects can lead to information disclosure and denial...

CVSS 6.8 | AI score 5.8 | EPSS 0.00162
Exploits: 1 | References: 6

RedHat Linux
added 2026/03/26 10:21 a.m. | 3 views

openCryptoki: openCryptoki: Privilege Escalation or Data Exposure via Symlink Following

A flaw was found in openCryptoki, a PKCS11 library and tooling for Linux and AIX. A token-group user can exploit a symlink-following vulnerability by planting symbolic links in group-writable token directories. When an administrator runs a PKCS11 application or administrative tool as root, it may...

CVSS 6.8 | AI score 5.7 | EPSS 0.00162
Exploits: 0 | References: 6

RedhatCVE
added 2026/01/22 12:32 p.m. | 4 views

CVE-2026-23893

A flaw was found in openCryptoki, a PKCS11 library and tooling for Linux and AIX. A token-group user can exploit a symlink-following vulnerability by planting symbolic links in group-writable token directories. When an administrator runs a PKCS11 application or administrative tool as root, it may...

CVSS 6.8 | AI score 5.5 | EPSS 0.00162
Exploits: 0 | References: 5

OSV
added 2026/01/22 1:15 a.m. | 2 views

UBUNTU-CVE-2026-23893

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by planting symlinks in group-writable token...

CVSS 6.8 | AI score 6 | EPSS 0.00162
Exploits: 0 | References: 4

UbuntuCve
added 2026/01/22 1:15 a.m. | 2 views

CVE-2026-23893

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by planting symlinks in group-writable token...

CVSS 6.8 | AI score 5.9 | EPSS 0.00162
Exploits: 0 | References: 3

Vulnrichment
added 2026/01/22 12:1 a.m. | 2 views

CVE-2026-23893 openCryptoki has improper link resolution before file access (link following)

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by planting symlinks in group-writable token...

CVSS 6.8 | AI score 5.9 | EPSS 0.00162
Exploits: 0 | References: 2

Positive Technologies
added 2026/01/22 12:0 a.m. | 5 views

PT-2026-3885

Name of the Vulnerable Software and Affected Versions: openCryptoki versions 2.3.2 and above. Description: openCryptoki is a PKCS11 library used on Linux and AIX systems. Versions 2.3.2 and above are susceptible to symlink-following when operating in privileged contexts. A user belonging to the...

CVSS 6.8 | AI score 5.8 | EPSS 0.00237
Exploits: 1 | References: 59

OSV
added 2025/11/17 6:15 p.m. | 2 views

CVE-2025-34323

Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to a combination of sudo misconfiguration and group-writable application directories. The 'www-data' user is a member of the 'nagios' group, which has write access to...

CVSS 7.8 | AI score 5.9
Exploits: 0 | References: 4

UbuntuCve
added 2009/11/23 12:0 a.m. | 28 views

CVE-2009-3557

The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safemode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments...

CVSS 5 | AI score 5.9 | EPSS 0.02096
Exploits: 2 | References: 3