{"affected":[{"ecosystem_specific":{"binaries":[{"openCryptoki":"3.23.0-150500.3.3.13"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.5","name":"openCryptoki","purl":"pkg:rpm/suse/openCryptoki&distro=SUSE%20Linux%20Enterprise%20Micro%205.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.23.0-150500.3.3.13"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"openCryptoki":"3.23.0-150500.3.3.13","openCryptoki-64bit":"3.23.0-150500.3.3.13","openCryptoki-devel":"3.23.0-150500.3.3.13"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Server Applications 15 SP5","name":"openCryptoki","purl":"pkg:rpm/suse/openCryptoki&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.23.0-150500.3.3.13"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"openCryptoki":"3.23.0-150500.3.3.13","openCryptoki-64bit":"3.23.0-150500.3.3.13","openCryptoki-devel":"3.23.0-150500.3.3.13"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"openCryptoki","purl":"pkg:rpm/opensuse/openCryptoki&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.23.0-150500.3.3.13"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for openCryptoki fixes the following issues:\n\nUpgrade openCryptoki to version 3.23 (jsc#PED-3360, jsc#PED-3361)\n\n* EP11: Add support for FIPS-session mode\n* CVE-2024-0914: Updates to harden against RSA timing attacks (bsc#1219217)\n* Bug fixes\n\n- provide user(pkcs11) and group(pkcs11)\n\nUpgrade to version 3.22 (jsc#PED-3361)\n\n- CCA: Add support for the AES-XTS key type using CPACF protected keys\n- p11sak: Add support for managing certificate objects\n- p11sak: Add support for public sessions (no-login option)\n- p11sak: Add support for logging in as SO (security Officer)\n- p11sak: Add support for importing/exporting Edwards and Montgomery keys\n- p11sak: Add support for importing of RSA-PSS keys and certificates\n- CCA/EP11/Soft/ICA: Ensure that the 2 key parts of an AES-XTS key are different\n\nUpdate to version 3.21 (jsc#PED-3360, jsc#PED-3361)\n\n- EP11 and CCA: Support concurrent HSM master key changes\n- CCA: protected-key option\n- pkcsslotd: no longer run as root user and further hardening\n- p11sak: Add support for additional key types (DH, DSA, generic secret)\n- p11sak: Allow wildcards in label filter\n- p11sak: Allow to specify hex value for CKA_ID attribute\n- p11sak: Support sorting when listing keys\n- p11sak: New commands: set-key-attr, copy-key to modify and copy keys\n- p11sak: New commands: import-key, export-key to import and export keys\n- Remove support for --disable-locks (transactional memory)\n- Updates to harden against RSA timing attacks\n- Bug fixes\n","id":"SUSE-SU-2024:1447-1","modified":"2024-04-26T08:04:43Z","published":"2024-04-26T08:04:43Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20241447-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1219217"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-0914"}],"related":["CVE-2024-0914"],"summary":"Security update for openCryptoki","upstream":["CVE-2024-0914"]}