SUSE SLES12 Security Update : openCryptoki (SUSE-SU-2024:2298-1)

medium Nessus Plugin ID 201902

Language:

Synopsis

The remote SUSE host is missing a security update.

Description

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2298-1 advisory.

openCryptoki was updated to version to 3.17.0 (bsc#1220266, bsc#1219217)

+ openCryptoki 3.17

- tools: added function to list keys to p11sak
- common: added support for OpenSSL 3.0
- common: added support for event notifications
- ICA: added SW fallbacks

+ openCryptoki 3.16

- EP11: protected-key option
- EP11: support attribute-bound keys
- CCA: import and export of secure key objects
- Bug fixes

+ openCryptoki 3.15.1

- Bug fixes

+ openCryptoki 3.15

- common: conform to PKCS 11 3.0 Baseline Provider profile
- Introduce new vendor defined interface named 'Vendor IBM'
- Support C_IBM_ReencryptSingle via 'Vendor IBM' interface
- CCA: support key wrapping
- SOFT: support ECC
- p11sak tool: add remove-key command
- Bug fixes

+ openCryptoki 3.14

- EP11: Dilitium support stage 2
- Common: Rework on process and thread locking
- Common: Rework on btree and object locking
- ICSF: minor fixes
- TPM, ICA, ICSF: support multiple token instances
- new tool p11sak

+ openCryptoki 3.13.0

- EP11: Dilithium support
- EP11: EdDSA support
- EP11: support RSA-OAEP with non-SHA1 hash and MGF

+ openCryptoki 3.12.1

- Fix pkcsep11_migrate tool

+ openCryptoki 3.12.0

- Update token pin and data store encryption for soft,ica,cca and ep11
- EP11: Allow importing of compressed EC public keys
- EP11: Add support for the CMAC mechanisms
- EP11: Add support for the IBM-SHA3 mechanisms
- SOFT: Add AES-CMAC and 3DES-CMAC support to the soft token
- ICA: Add AES-CMAC and 3DES-CMAC support to the ICA token
- EP11: Add config option USE_PRANDOM
- CCA: Use Random Number Generate Long for token_specific_rng()
- Common rng function: Prefer /dev/prandom over /dev/urandom
- ICA: add SHA*_RSA_PKCS_PSS mechanisms
- Bug fixes

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected openCryptoki, openCryptoki-32bit, openCryptoki-64bit and / or openCryptoki-devel packages.

See Also

https://bugzilla.suse.com/1219217

https://bugzilla.suse.com/1220266

http://www.nessus.org/u?4ee1b5a6

https://www.suse.com/security/cve/CVE-2024-0914

Plugin Details

Severity: Medium

ID: 201902

File Name: suse_SU-2024-2298-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 7/5/2024

Updated: 7/5/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5.4

Temporal Score: 4

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2024-0914

CVSS v3

Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:opencryptoki, p-cpe:/a:novell:suse_linux:opencryptoki-32bit, p-cpe:/a:novell:suse_linux:opencryptoki-64bit, p-cpe:/a:novell:suse_linux:opencryptoki-devel

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 7/4/2024

Vulnerability Publication Date: 1/31/2024

Reference Information

CVE: CVE-2024-0914

SuSE: SUSE-SU-2024:2298-1