{ "schema_version": "1.7.0", "id": "MGASA-2017-0395", "published": "2017-10-30T19:23:17Z", "modified": "2017-10-30T10:35:19Z", "summary": "Updated opensc_etc packages fix security vulnerability", "details": "A vulnerability, dubbed ROCA, was identified in an implementation of\nRSA key generation due to a fault in a code library developed by\nInfineon Technologies. The affected encryption keys are used to secure\nmany forms of technology, such as hardware chips, authentication tokens,\nsoftware packages, electronic documents, TLS/HTTPS keys, and PGP.\nInfineon Technologies’ smartcards, security tokens, and secure hardware\nchips produced since 2012 use the affected code library. Successful\nexploitation of this vulnerability results in an attacker being able to\nderive a private key from the public key, using prime factorization,\nwithin a practical time frame.\n\nThis vulnerability does not affect the RSA encryption algorithm itself,\nand only affects the implementation of the RSA encryption by Infineon\nTechnologies.\n\nThis vulnerability also affects Estonian ID cards that were issued after\n16th October 2014. With the updated packages the user is able to update\nhis/her certificates and continue using the online services that require\nID card.\n", "upstream": [ "CVE-2017-15361" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2017-0395.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=21944" }, { "type": "WEB", "url": "https://www.politsei.ee/en/uudised/uudis.dot?id=785151" } ], "affected": [ { "package": { "ecosystem": "Mageia:6", "name": "opensc", "purl": "pkg:rpm/mageia/opensc?arch=source&distro=mageia-6" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "0.15.0-2.1.mga6" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:6", "name": "libdigidocpp", "purl": "pkg:rpm/mageia/libdigidocpp?arch=source&distro=mageia-6" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "3.13.2-1.mga6" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:6", "name": "qdigidoc", "purl": "pkg:rpm/mageia/qdigidoc?arch=source&distro=mageia-6" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "3.13.3-1.mga6" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:6", "name": "qesteidutil", "purl": "pkg:rpm/mageia/qesteidutil?arch=source&distro=mageia-6" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "3.12.7-2.mga6" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:6", "name": "chrome-token-signing", "purl": "pkg:rpm/mageia/chrome-token-signing?arch=source&distro=mageia-6" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "1.0.6-1.mga6" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:6", "name": "task-esteid", "purl": "pkg:rpm/mageia/task-esteid?arch=source&distro=mageia-6" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "3.13.3-1.mga6" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }