Infineon firmware security issues

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --Jo6QvEJXJfQCfDxTQMptqAWL0Ku1cee9q Content-Type: multipart/mixed; boundary="euwd0OP654GGNcLdW6Guf5oX9JOBAWw2A"; protected-headers="v1" From: =?UTF-8?B?TWFyYyBEZXF1w6huZXMgKER1Y2sp?= <duck(a)redhat.com&gt; To: oVirt Infra <infra(a)ovirt.org&gt; Message-ID: <5ca02ec3-9742-187e-9a93-ca50b03778aa(a)redhat.com&gt; Subject: Infineon firmware security issues --euwd0OP654GGNcLdW6Guf5oX9JOBAWw2A Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable Quack, So the news (thanks Misc for the alert): https://www.infineon.com/cms/en/product/promopages/rsa-update/rsa-backgro= und This affects Yubikeys and other hardware: https://www.yubico.com/support/security-advisories/ysa-2017-01/ There's a nice tool to test if a key is vulnerable: https://github.com/crocs-muni/roca I tested keys in the oVirt Puppet repository and none are affected. You may check your other keys and ensure keys are checked in other projects. \_o< --euwd0OP654GGNcLdW6Guf5oX9JOBAWw2A-- --Jo6QvEJXJfQCfDxTQMptqAWL0Ku1cee9q Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" --Jo6QvEJXJfQCfDxTQMptqAWL0Ku1cee9q--