The OpenSC code handling the PKCS#1 encryption padding removal is not implemented in a side-channel resistant way, which can lead to a possible leak of private key data.
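
To illustrate the description above, here is an added example (not OpenSC's code and not the upstream fix) of PKCS#1 v1.5 encryption padding removal in C that neither branches nor indexes on secret bytes. The function names, the 1024-byte size limit and the sample blocks are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Branch-free predicates: all-ones mask when true, zero otherwise. */
static uint32_t ct_is_zero(uint32_t x) { return 0u - ((~x & (x - 1)) >> 31); }
static uint32_t ct_eq(uint32_t a, uint32_t b) { return ct_is_zero(a ^ b); }
static uint32_t ct_lt(uint32_t a, uint32_t b) { return 0u - ((a - b) >> 31); }

/*
 * Strip 00 || 02 || PS (>= 8 nonzero bytes) || 00 || M from the k-byte RSA result.
 * out must hold k bytes. Returns the length of M, or -1 on bad padding.
 * Only k, which is public, is branched on.
 */
int ct_pkcs1_type2_unpad(const uint8_t *em, size_t k, uint8_t *out)
{
    uint32_t n = (uint32_t)k, i, j, found = 0, zero_idx = 0, good, mlen;
    if (k < 11 || k > 1024)                 /* assumed limit for this example */
        return -1;
    good = ct_is_zero(em[0]) & ct_eq(em[1], 2);
    for (i = 2; i < n; i++) {               /* always scans the whole block */
        uint32_t z = ct_is_zero(em[i]);
        zero_idx |= i & z & ~found;         /* keeps the first separator only */
        found |= z;
    }
    good &= found & ~ct_lt(zero_idx, 10);   /* PS must be at least 8 bytes */
    mlen = (n - 1 - zero_idx) & good;
    /* Copy M without a secret-dependent index: each out[j] reads every em[i]. */
    for (j = 0; j < n; j++) {
        uint32_t b = 0;
        for (i = 0; i < n; i++)
            b |= em[i] & ct_eq(i, zero_idx + 1 + j) & good;
        out[j] = (uint8_t)b;
    }
    return (int)(mlen | ~good);             /* -1 when good == 0 */
}

/* Constructed 16-byte samples: kind 0 is valid and carries "hi!", kind 1 has a
 * 5-byte PS (too short), kind 2 has no 00 separator. Output lands in demo_out. */
static uint8_t demo_out[16];
int demo_unpad(int kind)
{
    uint8_t em[16] = {0x00, 0x02, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 0x00, 'h', 'i', '!'};
    if (kind == 1) em[7] = 0x00;
    if (kind == 2) em[12] = 0x55;
    return ct_pkcs1_type2_unpad(em, sizeof em, demo_out);
}

int main(void) { return demo_unpad(0) == 3 ? 0 : 1; }
```

The caller also has to handle the -1 result without a timing-visible difference from the success path, and the compiled output should be checked, since an optimizer can reintroduce branches.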
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:0966 https://access.redhat.com/errata/RHSA-2024:0966
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:0967 https://access.redhat.com/errata/RHSA-2024:0967
Should there also be a clone for Fedora for this CVE?
In reply to comment #10:
> Should there also be a clone for Fedora for this CVE?

At the time this bz was made public the Fedora package had already been updated to a fixed version. I did not want to create any unneeded noise.
No, it was not. The fix landed only in 0.25.0 as described here:
https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992

The NIST pages were not updated with the latest information:
https://www.cve.org/CVERecord?id=CVE-2023-5992
https://nvd.nist.gov/vuln/detail/CVE-2023-5992

Can you take care of updating these?