Infineon firmware security issues

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --Jo6QvEJXJfQCfDxTQMptqAWL0Ku1cee9q Content-Type: multipart/mixed; boundary="euwd0OP654GGNcLdW6Guf5oX9JOBAWw2A"; protected-headers="v1" From: =?UTF-8?B?TWFyYyBEZXF1w6huZXMgKER1Y2sp?= <duck@redhat.com> To: oVirt Infra <infra@ovirt.org> Message-ID: <5ca02ec3-9742-187e-9a93-ca50b03778aa@redhat.com> Subject: Infineon firmware security issues --euwd0OP654GGNcLdW6Guf5oX9JOBAWw2A Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable Quack, So the news (thanks Misc for the alert): https://www.infineon.com/cms/en/product/promopages/rsa-update/rsa-backgro= und This affects Yubikeys and other hardware: https://www.yubico.com/support/security-advisories/ysa-2017-01/ There's a nice tool to test if a key is vulnerable: https://github.com/crocs-muni/roca I tested keys in the oVirt Puppet repository and none are affected. You may check your other keys and ensure keys are checked in other projects. \_o< --euwd0OP654GGNcLdW6Guf5oX9JOBAWw2A-- --Jo6QvEJXJfQCfDxTQMptqAWL0Ku1cee9q Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEcpcqg+UmRT3yiF+BVen596wcRD8FAlnl08cACgkQVen596wc RD+oEg/+PFTrAc13zzF6ldhn/U1oq1wzh2HYaGQ62vw2nmC3BHeXVUqAUIUbWsSs UaQxDZRiuXxCnFgM45rWyiAjZiXg9Lgpt5gcCHOWJ6TsSzJh0j/gQFq75FPKYtrQ Lob1v8KMv2bF7jEF7QgwaIj/BwEDnZ+XN53/2fg4lQ97wb6WBb3caSjejhPzcR6+ zg14uZHAe9bvMUk7qMn8ybCrb5TjQEeepV40mpRLvtY5tyLBzxs9ho1UmL4w3BL7 9Grdr2r2shKiWYPdUIP/F6OAavKR1MNmW2N8ZIYaHKFaN19YXAc71w4h9nHeD18Q lM4p3hzT2/cHY/fnsmS5Y7jtUyXgPHJvlyi2AkMht9gfI2xn27yyQuaSh0JjU1M7 2NAW/h2Gssf3rAmmuc3P7Kbq6wEY+krWgJSlefjzeOTYrPMlPtij6DieMVwlyRhG ct4buRHRlRFku1SFeYSoTNGieCamIVSQ9VH3Iyk0/tNwL9mdrOLv91VT/L8WUpvl vV4qY8Vbh+8OF3lNhGHFPWhQkFW46yoBrbK4S/jxK+fIsy/h72+ZI8Nc3omw5t80 eKTb6FWLysDG0MJoYhl2zaP9wq86e9fIwXPfF75uO1z4w/5T0qbITnnCGReFgvVK rq5gs4J4/S3qCQVZ45aaz0DNdvfNnOKBLN89x5gwtaXDYq/+8wE= =+KxX -----END PGP SIGNATURE----- --Jo6QvEJXJfQCfDxTQMptqAWL0Ku1cee9q--