Description
Security update for opensc
This update for opensc fixes the following issues:
Security issues fixed:
- CVE-2021-42782: Stack buffer overflow issues in various places (bsc#1191957).
- CVE-2021-42781: Fixed multiple heap buffer overflows in pkcs15-oberthur.c (bsc#1192000).
- CVE-2021-42780: Fixed use after return in insert_pin() (bsc#1192005).
- CVE-2021-42779: Fixed use after free in sc_file_valid() (bsc#1191992).
Non-security issues fixed:
- Fixed segmentation fault in 'pkcs11-tool.c' (bsc#1114649).
Package list
SUSE Enterprise Storage 6
opensc-0.19.0-150100.3.16.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
opensc-0.19.0-150100.3.16.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
opensc-0.19.0-150100.3.16.1
SUSE Linux Enterprise Micro 5.1
opensc-0.19.0-150100.3.16.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
opensc-0.19.0-150100.3.16.1
SUSE Linux Enterprise Real Time 15 SP2
opensc-0.19.0-150100.3.16.1
SUSE Linux Enterprise Server 15 SP1-BCL
opensc-0.19.0-150100.3.16.1
SUSE Linux Enterprise Server 15 SP1-LTSS
opensc-0.19.0-150100.3.16.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
opensc-0.19.0-150100.3.16.1
openSUSE Leap 15.3
opensc-0.19.0-150100.3.16.1
opensc-32bit-0.19.0-150100.3.16.1
References
- Link for SUSE-SU-2022:1156-1
- E-Mail link for SUSE-SU-2022:1156-1
- SUSE Security Ratings
- SUSE Bug 1114649
- SUSE Bug 1191957
- SUSE Bug 1191992
- SUSE Bug 1192000
- SUSE Bug 1192005
- SUSE CVE CVE-2021-42779 page
- SUSE CVE CVE-2021-42780 page
- SUSE CVE CVE-2021-42781 page
- SUSE CVE CVE-2021-42782 page
Description
A heap use-after-free issue was found in OpenSC before version 0.22.0 in sc_file_valid.
Affected products
SUSE Enterprise Storage 6:opensc-0.19.0-150100.3.16.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:opensc-0.19.0-150100.3.16.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1
SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1
References
- CVE-2021-42779
- SUSE Bug 1191992
Description
A use-after-return issue was found in OpenSC before version 0.22.0 in the insert_pin function that could potentially crash programs using the library.
Affected products
SUSE Enterprise Storage 6:opensc-0.19.0-150100.3.16.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:opensc-0.19.0-150100.3.16.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1
SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1
References
- CVE-2021-42780
- SUSE Bug 1192005
- SUSE Bug 1196716
Description
Heap buffer overflow issues were found in OpenSC before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library.
Affected products
SUSE Enterprise Storage 6:opensc-0.19.0-150100.3.16.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:opensc-0.19.0-150100.3.16.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1
SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1
References
- CVE-2021-42781
- SUSE Bug 1192000
- SUSE Bug 1192635
Description
Stack buffer overflow issues were found in OpenSC before version 0.22.0 in various places that could potentially crash programs using the library.
Affected products
SUSE Enterprise Storage 6:opensc-0.19.0-150100.3.16.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:opensc-0.19.0-150100.3.16.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1
SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1
References
- CVE-2021-42782
- SUSE Bug 1191957
- SUSE Bug 1192635
- SUSE Bug 1192643
- SUSE Bug 1192786
- SUSE Bug 1193388