SUSE SLES15 / openSUSE 15 Security Update : openCryptoki (SUSE-SU-2024:1447-1)

medium Nessus Plugin ID 194460

Language:

Synopsis

The remote SUSE host is missing a security update.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1447-1 advisory.

Upgrade openCryptoki to version 3.23 (jsc#PED-3360, jsc#PED-3361)

* EP11: Add support for FIPS-session mode
* CVE-2024-0914: Updates to harden against RSA timing attacks (bsc#1219217)
* Bug fixes

- provide user(pkcs11) and group(pkcs11)

Upgrade to version 3.22 (jsc#PED-3361)

- CCA: Add support for the AES-XTS key type using CPACF protected keys
- p11sak: Add support for managing certificate objects
- p11sak: Add support for public sessions (no-login option)
- p11sak: Add support for logging in as SO (security Officer)
- p11sak: Add support for importing/exporting Edwards and Montgomery keys
- p11sak: Add support for importing of RSA-PSS keys and certificates
- CCA/EP11/Soft/ICA: Ensure that the 2 key parts of an AES-XTS key are different

Update to version 3.21 (jsc#PED-3360, jsc#PED-3361)

- EP11 and CCA: Support concurrent HSM master key changes
- CCA: protected-key option
- pkcsslotd: no longer run as root user and further hardening
- p11sak: Add support for additional key types (DH, DSA, generic secret)
- p11sak: Allow wildcards in label filter
- p11sak: Allow to specify hex value for CKA_ID attribute
- p11sak: Support sorting when listing keys
- p11sak: New commands: set-key-attr, copy-key to modify and copy keys
- p11sak: New commands: import-key, export-key to import and export keys
- Remove support for --disable-locks (transactional memory)
- Updates to harden against RSA timing attacks
- Bug fixes

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected openCryptoki, openCryptoki-64bit and / or openCryptoki-devel packages.

See Also

https://bugzilla.suse.com/1219217

https://www.suse.com/security/cve/CVE-2024-0914

http://www.nessus.org/u?a3f305e8

Plugin Details

Severity: Medium

ID: 194460

File Name: suse_SU-2024-1447-1.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 4/29/2024

Updated: 6/25/2026

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Tenable Cloud Security, Tenable Self-Hosted Container Security, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.7

CVSS v2

Risk Factor: Medium

Base Score: 5.4

Temporal Score: 4

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2024-0914

CVSS v3

Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:opencryptoki, p-cpe:/a:novell:suse_linux:opencryptoki-64bit, p-cpe:/a:novell:suse_linux:opencryptoki-devel

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 4/26/2024

Vulnerability Publication Date: 1/31/2024

Reference Information

CVE: CVE-2024-0914

SuSE: SUSE-SU-2024:1447-1