FEDORA-2021-33f8ebd09c created by than 2 months ago for Fedora 34
stable

When constructing an OpenSSL EC public or private key from PKCS#11 attributes or ECDH public data, check that the key is valid, i.e. that the point is on the curve. This prevents creating an EC key object via C_CreateObject with invalid key data. It also prevents C_DeriveKey from deriving a secret using ECDH with an EC public key (public data) that uses a different curve or is otherwise invalid.

The problem is fixed in opencryptoki-3.16.0-2
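
The point-on-curve check described above, written out in pure Python for NIST P-256 as an added example (not opencryptoki's or OpenSSL's code). It assumes the public data arrives as a raw uncompressed SEC1 point (0x04 || X || Y); the function names are hypothetical.

```python
# Added example: public-point validation for NIST P-256 using plain integers.
# Curve: y^2 = x^3 + A*x + B over GF(P). Constants are the standard P-256 values.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
FIELD_LEN = 32  # bytes per coordinate


class InvalidPoint(ValueError):
    """Raised when public data does not encode a valid P-256 point."""


def encode_point(x, y):
    """Encode (x, y) as an uncompressed SEC1 point (assumed wire format)."""
    return b"\x04" + x.to_bytes(FIELD_LEN, "big") + y.to_bytes(FIELD_LEN, "big")


def parse_and_validate(encoded):
    """Decode 0x04 || X || Y and reject anything that is not on P-256."""
    if len(encoded) != 1 + 2 * FIELD_LEN or encoded[0] != 0x04:
        raise InvalidPoint("not an uncompressed P-256 point")
    x = int.from_bytes(encoded[1:1 + FIELD_LEN], "big")
    y = int.from_bytes(encoded[1 + FIELD_LEN:], "big")
    # Coordinates must be canonical field elements, not values reduced later.
    if x >= P or y >= P:
        raise InvalidPoint("coordinate out of field range")
    # The core check: the point must satisfy this curve's equation. A point
    # taken from a different curve (different B) fails here.
    if (y * y - (x * x * x + A * x + B)) % P != 0:
        raise InvalidPoint("point is not on the curve")
    # P-256 has cofactor 1 and this encoding cannot express the point at
    # infinity, so an on-curve point is already in the correct group.
    return x, y


def is_valid_public_point(encoded):
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        parse_and_validate(encoded)
        return True
    except InvalidPoint:
        return False


if __name__ == "__main__":
    good = encode_point(GX, GY)            # constructed: the base point
    bad = encode_point(GX, GY + 1)         # constructed: off-curve point
    print(is_valid_public_point(good), is_valid_public_point(bad))
```

The validation has to run before the point is used in any scalar multiplication, both when a key object is created and when peer public data is supplied for derivation.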

How to install

sudo dnf upgrade --advisory=FEDORA-2021-33f8ebd09c

This update has been submitted for testing by than.

2 months ago

This update's test gating status has been changed to 'ignored'.

2 months ago

This update's test gating status has been changed to 'waiting'.

2 months ago

than edited this update.

2 months ago

This update's test gating status has been changed to 'ignored'.

2 months ago

This update has been pushed to testing.

2 months ago

This update has been submitted for stable by bodhi.

2 months ago

This update has been pushed to stable.

2 months ago

Metadata
Type: security
Severity: medium
Karma: 0
Signed
Content Type: RPM
Test Gating

Settings
Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: 7 days

Dates
submitted: 2 months ago
in testing: 2 months ago
in stable: 2 months ago
modified: 2 months ago

BZ#1990591 opencryptoki: allows invalid curve attacks via a specially crafted key
BZ#1990592 openCryptoki: allows invalid curve attacks via a specially crafted key [fedora-all]