Advisories » MGASA-2024-0152

Updated opencryptoki packages fix security vulnerability

Publication date: 27 Apr 2024
Modification date: 27 Apr 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-0914

Description

A timing side-channel vulnerability has been discovered in the
opencryptoki package while processing RSA PKCS#1 v1.5 padded
ciphertexts. This flaw could potentially enable unauthorized RSA
ciphertext decryption or signing, even without access to the
corresponding private key. (CVE-2024-0914)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33124
• https://lwn.net/Articles/970137/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0914

SRPMS

9/core

• opencryptoki-3.23.0-1.1.mga9