Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Normal
Fix Version/s: rhel-10.0
Affects Version/s: rhel-10.0
Component/s: opensc
Labels:
- Accepted
- CY24Q4

Fixed in Build:
opensc-0.26.0-1.el10
Regression:
No
Severity:
Low
Epic Link:
CRYPTO-15212
Keywords:

Rebase
sprint_count:
1

Pool Team:

rhel-sst-security-crypto
Sub-System Group:

ssg_security

Dev Target Milestone:
19
Internal Target Milestone:
20
Story Points:
1
ACKs Check:

QE ack, Dev ack
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
Yes
Sprint:
Crypto24Q4

Acceptance Criteria:

Hide

AC1) RegressionOnly

Show
AC1) RegressionOnly
Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/141123
Gating Tests:

Not Needed
Test Coverage:

RegressionOnly

Release Note Type:
Rebase
Release Note Text:

Hide
In RHEL 10, the OpenSC package is provided in upstream version 0.26.0. The most notable enhancements and bug fixes are:
* Additional fixes for removing the time side-channel leakage related to RSA PKCS#1 v1.5 padding removal after decryption.
* Unified OpenSSL logging.
* The pkcs11-tool support for several mechanisms (HKDF, RSA OEAP encryption, AES GCM, AES GMAC).
* CVEs targeting uninitialized memory problems (CVE-2024-45615, CVE-2024-45616, CVE-2024-45617, CVE-2024-45618, CVE-2024-45619, CVE-2024-45620).

Show
In RHEL 10, the OpenSC package is provided in upstream version 0.26.0. The most notable enhancements and bug fixes are: * Additional fixes for removing the time side-channel leakage related to RSA PKCS#1 v1.5 padding removal after decryption. * Unified OpenSSL logging. * The pkcs11-tool support for several mechanisms (HKDF, RSA OEAP encryption, AES GCM, AES GMAC). * CVEs targeting uninitialized memory problems (CVE-2024-45615, CVE-2024-45616, CVE-2024-45617, CVE-2024-45618, CVE-2024-45619, CVE-2024-45620).
Release Note Status:
Proposed

Experience:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

A new version of OpenSC 0.26.0 will be released in upstream. It contains additional fixes for removing the time side-channel leakage related to RSA PKCS#1 v1.5 padding removal after decryption, unified OpenSSL logging, several features for pkcs11-tool and fixes for CVEs targeting uninitialized memory problems.

CVEs fixed with this rebase:

CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init
CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc
CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc
CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init
CVE-2024-45619: Incorrect handling length of buffers or files in libopensc
CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init
CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key

links to

RHBA-2024:141123 opensc bug fix and enhancement update

Assignee:: Veronika Hanulikova

Reporter:: Veronika Hanulikova

Developer:: Veronika Hanulikova

QA Contact:: George Pantelakis

Doc Contact:: Mirek Jahoda

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2024/10/24 8:57 AM

Updated:: 2024/12/17 2:19 PM

Dev Target end:: 2024/12/30

Target end:: 2025/01/06

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates