stable
FEDORA-2021-33f8ebd09c created by than 12 months ago for Fedora 34

When constructing an OpenSSL EC public or private key from PKCS#11 attributes or ECDH public data, check that the key is valid, i.e. that the point is on the curve. This prevents the creation of an EC key object via C_CreateObject with invalid key data. It also prevents C_DeriveKey from deriving a secret using ECDH with an EC public key (public data) that uses a different curve or is otherwise invalid.

The problem is fixed in opencryptoki-3.16.0-2.
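The point-on-curve check described above, shown as an added Python example (not opencryptoki's own code, which is C on top of OpenSSL). It assumes NIST P-256 and a raw uncompressed point encoding (0x04 || X || Y) with any DER wrapping already removed; the function names are illustrative.

```python
# Added example: validate an uncompressed P-256 public point before it is
# used as a key object or as ECDH public data. Function names are illustrative.
# Domain parameters are the standard NIST P-256 (secp256r1) constants.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
COORD_LEN = 32


def parse_uncompressed_point(data: bytes) -> tuple:
    """Decode 0x04 || X || Y; reject any other form or length."""
    if len(data) != 1 + 2 * COORD_LEN or data[0] != 0x04:
        raise ValueError("not an uncompressed P-256 point")
    x = int.from_bytes(data[1:1 + COORD_LEN], "big")
    y = int.from_bytes(data[1 + COORD_LEN:], "big")
    return x, y


def is_on_curve(x: int, y: int) -> bool:
    """True only if 0 <= x, y < p and y^2 = x^3 + ax + b (mod p)."""
    if not (0 <= x < P and 0 <= y < P):
        return False
    return (y * y - (x * x * x + A * x + B)) % P == 0


def validate_public_point(data: bytes) -> tuple:
    """Return (x, y) if the bytes encode a valid P-256 point, else raise."""
    x, y = parse_uncompressed_point(data)
    if not is_on_curve(x, y):
        raise ValueError("point is not on P-256")
    return x, y


def encode(x: int, y: int) -> bytes:
    """Build the uncompressed encoding used for the sample inputs."""
    return b"\x04" + x.to_bytes(COORD_LEN, "big") + y.to_bytes(COORD_LEN, "big")


if __name__ == "__main__":
    # Constructed inputs: the P-256 base point, and the same point with y altered.
    for label, blob in (("base point", encode(GX, GY)),
                        ("altered y", encode(GX, GY + 1))):
        try:
            validate_public_point(blob)
            print(label, "-> accepted")
        except ValueError as exc:
            print(label, "-> rejected:", exc)
```

The check has to run before the point reaches any scalar multiplication, because the curve arithmetic itself does not detect a point that satisfies a different curve equation.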

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2021-33f8ebd09c

This update has been submitted for testing by than.

12 months ago

This update's test gating status has been changed to 'ignored'.

12 months ago

This update's test gating status has been changed to 'waiting'.

12 months ago

than edited this update.

12 months ago

This update's test gating status has been changed to 'ignored'.

12 months ago

This update has been pushed to testing.

12 months ago

This update has been submitted for stable by bodhi.

11 months ago

This update has been pushed to stable.

11 months ago


Metadata
Type: security
Severity: medium
Karma: 0
Signed
Content Type: RPM
Test Gating

Settings
Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: 7 days

Dates
submitted: 12 months ago
in testing: 12 months ago
in stable: 11 months ago
modified: 12 months ago

BZ#1990591 opencryptoki: allows invalid curve attacks via a specially crafted key
BZ#1990592 openCryptoki: allows invalid curve attacks via a specially crafted key [fedora-all]