Ubuntu has issued an advisory today (August 4):
Mageia 8 is also affected.
Patch available from Ubuntu
Fedora has issued an advisory for this on September 2:
CC'ing all packagers collectively, because daviddavid hasn't been around since three months ago. Any packager should feel free to take this bug.
The updated packages fix a security vulnerability:
It was discovered that openCryptoki incorrectly handled certain EC keys. An attacker could possibly use this issue to cause a invalid curve attack.
Updated packages in core/updates_testing:
Patch available from Ubuntu =>