Updated opencryptoki packages fix security vulnerability
Publication date: 27 Apr 2024Modification date: 27 Apr 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-0914
Description
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key. (CVE-2024-0914)
References
SRPMS
9/core
- opencryptoki-3.23.0-1.1.mga9