OESA-2026-1322 opencryptoki security update

openCryptoki is an implementation of the PKCS 11 API that allows interfacing to devices that hold cryptographic information and perform cryptographic functions. openCryptoki provides application portability by isolating the application from the details of the cryptographic device. Isolating the...

Opencryptoki: timing side-channel in handling of rsa pkcs#1 v1.5 padded ciphertexts (marvin)

...

Oracle Linux 9 : opencryptoki (ELSA-2024-1239)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1239 advisory. 3.21.0-9 - timing side-channel in handling of RSA PKCS1 v1.5 padded ciphertexts Marvin Resolves: RHEL-22792 Tenable has extracted the preceding description bloc...

CVE-2024-0914

A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...

GnuTLS Security Vulnerabilities

GnuTLS is a free secure communications library for implementing the SSL, TLS and DTLS protocols. A security vulnerability exists in GnuTLS, which stems from a difference in response time for ciphertexts that are formatted incorrectly versus ciphertexts that are correctly padded, which could allow...