Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2021:0998-1

Опубликовано: 31 мар. 2021
Источник: suse-cvrf

Описание

Security update for opensc

This update for opensc fixes the following issues:

  • CVE-2020-26571: gemsafe GPK smart card software driver stack-based buffer overflow (bsc#1177380)
  • CVE-2019-15946: out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry (bsc#1149747)
  • CVE-2019-15945: out-of-bounds access of an ASN.1 Bitstring in decode_bit_string (bsc#1149746)
  • CVE-2019-19479: incorrect read operation during parsing of a SETCOS file attribute (bsc#1158256)
  • CVE-2020-26572: Prevent out of bounds write (bsc#1177378)
  • CVE-2020-26570: Fix buffer overflow in sc_oberthur_read_file (bsc#1177364)

Список пакетов

SUSE Linux Enterprise Server 12 SP5
opensc-0.13.0-3.11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
opensc-0.13.0-3.11.1

Ссылки

Описание

OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.11.1
Ссылки

Описание

OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.11.1
Ссылки

Описание

An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.11.1
Ссылки

Описание

The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.11.1
Ссылки

Описание

The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.11.1
Ссылки

Описание

The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.11.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.11.1
Ссылки
Уязвимость SUSE-SU-2021:0998-1