Description
ELSA-2023-7879: opensc security update (MODERATE)
[0.23.0-3]
- Fix file caching with different offsets (RHEL-4079)
- Fix CVE-2023-40660: Potential PIN bypass
- Fix CVE-2023-40661: Dynamic analyzers reports in pkcs15init
- Fix CVE-2023-4535: Out-of-bounds read in MyEID driver handling encryption using symmetric keys
- Fix CVE-2023-5992: Side-channel leaks while stripping encryption PKCS#1.5 padding
Updated packages
Oracle Linux 9
Oracle Linux aarch64: opensc 0.23.0-3.el9_3
Oracle Linux x86_64: opensc 0.23.0-3.el9_3
Related CVEs
Related vulnerabilities
CVSS3: 5.4
ubuntu
more than 1 year ago
Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow the compromise of key generation, certificate loading, and other card management operations during enrollment.