RSA BSAFE Micro Edition Suite 4.4 Release Notes
Enhancements and Resolved Issues
The following table lists the enhancements and resolved issues in this release of MES.

Table 4 Enhancements and Resolved Issues

ID           Description
BSFMES-2377  MES is potentially vulnerable to Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information, leaving data at risk of exposure - CVE-2019-3731.
BSFMES-2278  MES is vulnerable to a padding oracle attack - CVE-2019-3730.
BSFMES-2275  Update the default TLS cipher suite list.
BSFMES-2175  R_SSL_CTX_set_ex_data/R_SSL_set_ex_data with a user-defined memory allocator causes a memory violation.
BSFMES-2142  Possible Denial of Service vulnerability on the client side when using large DH keys - CVE-2018-15769.
BSFMES-2125  When BER-encoding (unsigned) bignums, prefix a leading zero byte when the most significant bit is set, because BER encoding defines INTEGER values to be signed.
BSFMES-2121  The public key implementation cannot read or write the PKCS #8 format for DH private keys used by OpenSSL.
BSFMES-2118  The sample crl_util generates CRLs that are not compliant with RFC 5280.
BSFMES-2092  Some sample programs use asymmetric keys whose security strengths are less than the currently accepted minimum security strength.
BSFMES-2074  An internal error can allow an invalid server identity certificate to be chosen in a TLS handshake.
BSFMES-2020  When processing PKCS #12 messages and CMS messages, sensitive data is sometimes not cleared before memory is freed.
BSFMES-2013  TLS APIs still allow the use of 512-bit and 1024-bit DH keys by default. The TLS API is updated to disallow the use of identifiers for 512-bit DH keys, and to allow the use of identifiers for 1024-bit DH keys only after an explicit application call.
BSFMES-1999  The single-step KDF cannot use APIs that include arguments of type R_ALG_PARAMS.
BSFMES-1995  Covert timing channel vulnerability during RSA decryption - CVE-2019-3732.
BSFMES-1963  The CMS API is to be enhanced with RSA-KEM-KWS support for key transport in enveloped messages.