Описание
Security update for opensc
This update for opensc fixes the following issues:
- CVE-2018-16391: Fixed a denial of service when handling responses from a Muscle Card (bsc#1106998)
- CVE-2018-16392: Fixed a denial of service when handling responses from a TCOS Card (bsc#1106999)
- CVE-2018-16393: Fixed buffer overflows when handling responses from Gemsafe V1 Smartcards (bsc#1108318)
- CVE-2018-16418: Fixed buffer overflow when handling string concatenation in util_acl_to_str (bsc#1107039)
- CVE-2018-16419: Fixed several buffer overflows when handling responses from a Cryptoflex card (bsc#1107107)
- CVE-2018-16422: Fixed single byte buffer overflow when handling responses from an esteid Card (bsc#1107038)
- CVE-2018-16423: Fixed double free when handling responses from a smartcard (bsc#1107037)
- CVE-2018-16427: Fixed out of bounds reads when handling responses in OpenSC (bsc#1107033)
Список пакетов
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP4
Ссылки
- Link for SUSE-SU-2018:3621-1
- E-Mail link for SUSE-SU-2018:3621-1
- SUSE Security Ratings
- SUSE Bug 1104812
- SUSE Bug 1106998
- SUSE Bug 1106999
- SUSE Bug 1107033
- SUSE Bug 1107037
- SUSE Bug 1107038
- SUSE Bug 1107039
- SUSE Bug 1107107
- SUSE Bug 1108318
- SUSE CVE CVE-2018-16391 page
- SUSE CVE CVE-2018-16392 page
- SUSE CVE CVE-2018-16393 page
- SUSE CVE CVE-2018-16418 page
- SUSE CVE CVE-2018-16419 page
- SUSE CVE CVE-2018-16422 page
- SUSE CVE CVE-2018-16423 page
- SUSE CVE CVE-2018-16427 page
Описание
Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
Затронутые продукты
Ссылки
- CVE-2018-16391
- SUSE Bug 1106998
Описание
Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
Затронутые продукты
Ссылки
- CVE-2018-16392
- SUSE Bug 1106999
Описание
Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
Затронутые продукты
Ссылки
- CVE-2018-16393
- SUSE Bug 1108318
Описание
A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
Затронутые продукты
Ссылки
- CVE-2018-16418
- SUSE Bug 1107039
Описание
Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
Затронутые продукты
Ссылки
- CVE-2018-16419
- SUSE Bug 1107107
Описание
A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
Затронутые продукты
Ссылки
- CVE-2018-16422
- SUSE Bug 1107038
Описание
A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.
Затронутые продукты
Ссылки
- CVE-2018-16423
- SUSE Bug 1107037
Описание
Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.
Затронутые продукты
Ссылки
- CVE-2018-16427
- SUSE Bug 1107033