
Test ID: 1.3.6.1.4.1.25623.1.0.856113
Category: openSUSE Local Security Checks
Title: openSUSE Security Advisory (SUSE-SU-2024:1447-1)
Summary: The remote host is missing an update for the 'openCryptoki' package(s) announced via the SUSE-SU-2024:1447-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'openCryptoki' package(s) announced via the SUSE-SU-2024:1447-1 advisory.

Vulnerability Insight:
This update for openCryptoki fixes the following issues:

Upgrade openCryptoki to version 3.23 (jsc#PED-3360, jsc#PED-3361)

* EP11: Add support for FIPS-session mode
* CVE-2024-0914: Updates to harden against RSA timing attacks (bsc#1219217)
* Bug fixes

- provide user(pkcs11) and group(pkcs11)

Upgrade to version 3.22 (jsc#PED-3361)

- CCA: Add support for the AES-XTS key type using CPACF protected keys
- p11sak: Add support for managing certificate objects
- p11sak: Add support for public sessions (no-login option)
- p11sak: Add support for logging in as SO (Security Officer)
- p11sak: Add support for importing/exporting Edwards and Montgomery keys
- p11sak: Add support for importing of RSA-PSS keys and certificates
- CCA/EP11/Soft/ICA: Ensure that the 2 key parts of an AES-XTS key are different

Update to version 3.21 (jsc#PED-3360, jsc#PED-3361)

- EP11 and CCA: Support concurrent HSM master key changes
- CCA: protected-key option
- pkcsslotd: no longer run as root user and further hardening
- p11sak: Add support for additional key types (DH, DSA, generic secret)
- p11sak: Allow wildcards in label filter
- p11sak: Allow to specify hex value for CKA_ID attribute
- p11sak: Support sorting when listing keys
- p11sak: New commands: set-key-attr, copy-key to modify and copy keys
- p11sak: New commands: import-key, export-key to import and export keys
- Remove support for --disable-locks (transactional memory)
- Updates to harden against RSA timing attacks
- Bug fixes

Affected Software/OS:
'openCryptoki' package(s) on openSUSE Leap 15.5.

Solution:
Please install the updated package(s).

CVSS Score:
5.4

CVSS Vector:
AV:N/AC:H/Au:N/C:C/I:N/A:N

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2024-0914
RHBZ#2260407
https://bugzilla.redhat.com/show_bug.cgi?id=2260407
RHSA-2024:1239
https://access.redhat.com/errata/RHSA-2024:1239
RHSA-2024:1411
https://access.redhat.com/errata/RHSA-2024:1411
RHSA-2024:1608
https://access.redhat.com/errata/RHSA-2024:1608
RHSA-2024:1856
https://access.redhat.com/errata/RHSA-2024:1856
RHSA-2024:1992
https://access.redhat.com/errata/RHSA-2024:1992
https://access.redhat.com/security/cve/CVE-2024-0914
https://people.redhat.com/~hkario/marvin/
Copyright: Copyright (C) 2024 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.