RHBA-2021:3054 Red Hat Bug Fix Advisory: opencryptoki bug fix and enhancement update

Bulletin has no description...

OPENSUSE-SU-2024:14195-1 openCryptoki-3.23.0-4.1 on GA media

These are all security issues fixed in the openCryptoki-3.23.0-4.1 package on the GA media of openSUSE Tumbleweed...

SUSE: Security Advisory (SUSE-SU-2024:2298-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES12 Security Update : openCryptoki (SUSE-SU-2024:2298-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2298-1 advisory. openCryptoki was updated to version to 3.17.0 bsc1220266, bsc1219217 + openCryptoki 3.17 - tools: added function to list keys to p11sak -...

SUSE-SU-2024:2298-1 Security update for openCryptoki

This update for openCryptoki fixes the following issues: openCryptoki was updated to version to 3.17.0 bsc1220266, bsc1219217 + openCryptoki 3.17 - tools: added function to list keys to p11sak - common: added support for OpenSSL 3.0 - common: added support for event notifications - ICA: added SW...

Advisory ROSA-SA-2024-2438

Software: opencryptoki 3.14.0 OS: ROSA Virtualization 2.1 packageevrstring: opencryptoki-3.14.0 CVE-ID: CVE-2021-3798 BDU-ID: CVE-Crit: MEDIUM. CVE-DESC.: The openCryptoki software token does not check if the EC key is valid when the EC key is created with CCreateObject and when CDeriveKey is use...

opencryptoki bug fix and enhancement update

An update is available for opencryptoki. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux...

Security Bulletin: AIX is vulnerable to information disclosure due to openCryptoki (CVE-2024-0914)

Summary Vulnerability in openCryptoki could allow a remote attacker to obtain sensitive information CVE-2024-0914. Vulnerability Details CVEID:CVE-2024-0914 DESCRIPTION: openCryptoki could allow a remote attacker to obtain sensitive information, caused by a flaw when processing RSA PKCS1 v1.5...

AIX is vulnerable to information disclosure due to openCryptoki (CVE-2024-0914)

IBM SECURITY ADVISORY First Issued: Mon Jun 3 08:50:37 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/opencryptokiadvisory.asc Security Bulletin: AIX is vulnerable to information disclosure due to openCryptoki CVE-2024-0914...

RHEL 4 : opencryptoki (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - opencryptoki: insecure handling of files in the /tmp directory CVE-2012-4455 - openCryptoki before 2.4.1,...

RHEL 5 : opencryptoki (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - opencryptoki: insecure handling of files in the /tmp directory CVE-2012-4455 - openCryptoki before 2.4.1,...

RHEL 7 : opencryptoki (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - opencryptoki: timing side-channel in handling of RSA PKCS1 v1.5 padded ciphertexts Marvin CVE-2024-0914 Note that...

RHEL 6 : opencryptoki (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - opencryptoki: timing side-channel in handling of RSA PKCS1 v1.5 padded ciphertexts Marvin CVE-2024-0914 Note that...

openSUSE Security Advisory (SUSE-SU-2024:1447-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2024-0152)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 / openSUSE 15 Security Update : openCryptoki (SUSE-SU-2024:1447-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1447-1 advisory. - A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded...

MGASA-2024-0152 Updated opencryptoki packages fix security vulnerability

A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key. CVE-2024-0914...

SUSE-SU-2024:1447-1 Security update for openCryptoki

This update for openCryptoki fixes the following issues: Upgrade openCryptoki to version 3.23 jscPED-3360, jscPED-3361 EP11: Add support for FIPS-session mode CVE-2024-0914: Updates to harden against RSA timing attacks bsc1219217 Bug fixes - provide userpkcs11 and grouppkcs11 Upgrade to version...

RHEL 8 : opencryptoki (RHSA-2024:1992)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1992 advisory. The opencryptoki packages contain version 2.11 of the PKCS11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These...

Moderate: Red Hat Security Advisory: opencryptoki security update

An update for opencryptoki is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...