[Bug 1862187] Comment bridged from LTC Bugzilla

Thu Mar 5 15:49:28 UTC 2020

------- Comment From heinz-werner_seeck at de.ibm.com 2020-03-05 10:42 EDT-------
IBM bugzilla status-> Fix Released with focal

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to s390-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1862187

Title:
  [UBUNTU 20.04] zkey: Fix display of XTS attribute for validate command

Status in Ubuntu on IBM z Systems:
  Fix Released
Status in s390-tools package in Ubuntu:
  Fix Released

Bug description:
  Description:   zkey: Fix display of XTS attribute for validate command
  Symptom:       The 'zkey validate' command shows an invalid value for
                 the XTS attribute.
  Problem:       Due to a use after free of the secure key, the XTS attribute
                 is not determined correctly, and is displayed incorrectly.
                 Function is_xts_key() is called with a secure key that has
                 already been freed and thus most likely returns false.
                 This bug has been introduced with feature SEC1717 "Cipher
                 key support" with commit 298fab68fee8 "zkey: Preparations for
                 introducing a new key type"
  Solution:      Free the secure key only after the last use.
  Reproduction:  Generate an XTS key of type CCA-AESDATA or CCA-AESCIPHER
                 and then run 'zkey validate'.

  Upstream Commit ID: f75f4aff8f6e4ae148bde858ee1cb7f1066f5f23

  https://github.com/ibm-s390-tools/s390-tools/commit/f75f4aff8f6e4ae148bde858ee1cb7f1066f5f23

  Need to be applied on top of 2.12.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1862187/+subscriptions