Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-71523

Rebase OpenSC to 0.26.1

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • opensc-0.26.1-1.el10
    • No
    • Low
    • Rebase
    • 1
    • rhel-security-crypto
    • ssg_security
    • 24
    • 26
    • 1
    • QE ack, Dev ack
    • False
    • False
    • Hide

      None

      Show
      None
    • Yes
    • Crypto25Q1
    • Enhancement
    • Hide
      .OpenSC provided in version 0.26.1

      RHEL 10 provides the `opensc` packages in the upstream version 0.26.1. The most notable enhancements and bug fixes are:

      * Additional fixes for removing the time side-channel leakage related to the RSA PKCS #1 v1.5 padding removal after decryption
      * Unified OpenSSL logging
      * Support for the HKDF, RSA OEAP encryption, AES GCM, and AES GMAC mechanisms in the `pkcs11-tool` utility
      * Fixes for CVEs targeting uninitialized memory problems: CVE-2024-45615, CVE-2024-45616, CVE-2024-45617, CVE-2024-45618, CVE-2024-45619, and CVE-2024-45620
      * A fix of allocations of aligned memory that caused crashes in the Chromium web browser
      * A fix of reading certificates in the TeleSec Chipcard Operating System (TCOS) card driver
      Show
      .OpenSC provided in version 0.26.1 RHEL 10 provides the `opensc` packages in the upstream version 0.26.1. The most notable enhancements and bug fixes are: * Additional fixes for removing the time side-channel leakage related to the RSA PKCS #1 v1.5 padding removal after decryption * Unified OpenSSL logging * Support for the HKDF, RSA OEAP encryption, AES GCM, and AES GMAC mechanisms in the `pkcs11-tool` utility * Fixes for CVEs targeting uninitialized memory problems: CVE-2024-45615, CVE-2024-45616, CVE-2024-45617, CVE-2024-45618, CVE-2024-45619, and CVE-2024-45620 * A fix of allocations of aligned memory that caused crashes in the Chromium web browser * A fix of reading certificates in the TeleSec Chipcard Operating System (TCOS) card driver
    • Done
    • None

      A new fix-up version of OpenSC 0.26.1 will be released in upstream. It contains additional fix for page allocation causing Chromium browser to crash.

              vhanulik@redhat.com Veronika Hanulikova (Inactive)
              vhanulik@redhat.com Veronika Hanulikova (Inactive)
              George Pantelakis George Pantelakis
              Mirek Jahoda Mirek Jahoda
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: