Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 269920 (CVE-2009-1603) - =dev-libs/opensc-0.11.7 generates invalid RSA keys (CVE-2009-1603)
Summary: =dev-libs/opensc-0.11.7 generates invalid RSA keys (CVE-2009-1603)
Alias: CVE-2009-1603
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
Whiteboard: B4 [glsa]
Depends on:
Reported: 2009-05-15 09:12 UTC by Alex Legler (RETIRED)
Modified: 2009-08-01 12:38 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-05-15 09:12:27 UTC
CVE-2009-1603 (
  src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used
  with unspecified third-party PKCS#11 modules, generates RSA keys with
  incorrect public exponents, which allows attackers to read the
  cleartext form of messages that were intended to be encrypted.
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-05-15 09:13:16 UTC
0.11.8 has been released to fix this problem.
Comment 2 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2009-05-15 22:29:49 UTC
dev-libs/opensc-0.11.8 is now in the tree.
Comment 3 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2009-05-15 22:31:30 UTC
Please stabilize dev-libs/opensc-0.11.8.
Comment 4 Tobias Klausmann (RETIRED) gentoo-dev 2009-05-16 11:06:50 UTC
Stable on alpha.
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2009-05-16 13:42:24 UTC
  16 May 2009; Tobias Klausmann <> ChangeLog:
  Stable on alpha, bug #269920
Comment 6 Tobias Klausmann (RETIRED) gentoo-dev 2009-05-16 14:48:37 UTC
(In reply to comment #5)
>   16 May 2009; Tobias Klausmann <> ChangeLog:
>   Stable on alpha, bug #269920

Fixed. Thanks for the heads up.
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2009-05-16 15:40:02 UTC
Stable for HPPA.
Comment 8 Christian Faulhammer (RETIRED) gentoo-dev 2009-05-18 15:54:01 UTC
x86 stable
Comment 9 Brent Baude (RETIRED) gentoo-dev 2009-05-18 19:02:27 UTC
ppc64 done
Comment 10 Brent Baude (RETIRED) gentoo-dev 2009-05-18 19:02:36 UTC
ppc done
Comment 11 Raúl Porcel (RETIRED) gentoo-dev 2009-05-21 15:54:46 UTC
arm/ia64/m68k/s390/sh/sparc stable
Comment 12 Markus Meier gentoo-dev 2009-05-22 22:45:30 UTC
amd64 stable, all arches done.
Comment 13 Stefan Behte (RETIRED) gentoo-dev Security 2009-06-12 21:47:02 UTC
Ready to vote, I vote YES.
Comment 14 Tobias Heinlein (RETIRED) gentoo-dev 2009-06-24 16:49:02 UTC
YES too, request filed.
Comment 15 Tobias Heinlein (RETIRED) gentoo-dev 2009-07-30 13:42:19 UTC
Reverted rbu's last change, only 0.11.7 is affected.
Comment 16 Tobias Heinlein (RETIRED) gentoo-dev 2009-08-01 12:38:16 UTC
GLSA 200908-01, thanks everyone.