
An opencryptoki security update has been released for Fedora 34.



SECURITY: Fedora 34 Update: opencryptoki-3.16.0-2.fc34


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-33f8ebd09c
2021-09-02 23:45:36.565238
--------------------------------------------------------------------------------

Name : opencryptoki
Product : Fedora 34
Version : 3.16.0
Release : 2.fc34
URL :   https://github.com/opencryptoki/opencryptoki
Summary : Implementation of the PKCS#11 (Cryptoki) specification v2.11
Description :
Opencryptoki implements the PKCS#11 specification v2.11 for a set of
cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the
Trusted Platform Module (TPM) chip. Opencryptoki also brings a software
token implementation that can be used without any cryptographic
hardware.
This package contains the Slot Daemon (pkcsslotd) and general utilities.

--------------------------------------------------------------------------------
Update Information:

When constructing an OpenSSL EC public or private key from PKCS#11 attributes or
ECDH public data, check that the key is valid, i.e. that the point is on the
curve. This prevents the creation of an EC key object via C_CreateObject with
invalid key data. It also prevents C_DeriveKey from deriving a secret using ECDH
with an EC public key (public data) that uses a different curve or is otherwise
invalid. The problem is fixed in opencryptoki-3.16.0-2.
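
The on-curve check described above, as an added Python illustration (not code
from opencryptoki, OpenSSL, or this advisory). It assumes NIST P-256 and a raw
uncompressed point encoding; the function names are hypothetical.

```python
# Added illustration, not opencryptoki or OpenSSL code. Assumes NIST P-256 and
# a raw uncompressed point (0x04 || X || Y); all function names are hypothetical.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
COORD_LEN = 32

def parse_uncompressed(point: bytes):
    """Return (x, y) from 0x04 || X || Y, or None if the encoding is malformed."""
    if len(point) != 1 + 2 * COORD_LEN or point[0] != 0x04:
        return None  # also rejects the one-byte encoding of the point at infinity
    x = int.from_bytes(point[1:1 + COORD_LEN], "big")
    y = int.from_bytes(point[1 + COORD_LEN:], "big")
    return x, y

def is_valid_p256_point(point: bytes) -> bool:
    """Accept only points that satisfy y^2 = x^3 + ax + b (mod p) on P-256."""
    parsed = parse_uncompressed(point)
    if parsed is None:
        return False
    x, y = parsed
    if x >= P or y >= P:
        return False  # coordinates must be reduced field elements
    # P-256 has cofactor 1, so an on-curve point is in the prime-order group.
    return (y * y - (x * x * x + A * x + B)) % P == 0

def encode(x: int, y: int) -> bytes:
    return b"\x04" + x.to_bytes(COORD_LEN, "big") + y.to_bytes(COORD_LEN, "big")

# Constructed sample inputs.
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
P256_G = encode(GX, GY)          # P-256 base point: valid
OFF_CURVE = encode(GX, GY ^ 1)   # one bit of Y flipped: not on the curve
OTHER_CURVE = encode(            # secp256k1 base point: same size, other curve
    0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798,
    0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8,
)

if __name__ == "__main__":
    samples = [("base point", P256_G), ("bit-flipped", OFF_CURVE),
               ("secp256k1 point", OTHER_CURVE), ("truncated", P256_G[:-1])]
    for name, pt in samples:
        print(name, "accepted" if is_valid_p256_point(pt) else "rejected")
```
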
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 24 2021 Than Ngo - 3.16.0-2
- Fixed bz#1990592, allows invalid curve attacks via a specially crafted key
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1990591 - opencryptoki: allows invalid curve attacks via a specially crafted key
  https://bugzilla.redhat.com/show_bug.cgi?id=1990591
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-33f8ebd09c' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys