Описание
Security update for opensc
This update for opensc fixes the following issues:
- CVE-2021-42782: Fixed several stack buffer overflows (bsc#1191957).
- CVE-2023-40661: Fixed several memory safety issues that could happen during the card enrollment process using pkcs15-init (bsc#1215761).
Список пакетов
SUSE Linux Enterprise Server 12 SP5
opensc-0.13.0-3.25.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
opensc-0.13.0-3.25.1
Ссылки
- Link for SUSE-SU-2023:4065-1
- E-Mail link for SUSE-SU-2023:4065-1
- SUSE Security Ratings
- SUSE Bug 1191957
- SUSE Bug 1215761
- SUSE CVE CVE-2021-42782 page
- SUSE CVE CVE-2023-40661 page
Описание
Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.25.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.25.1
Ссылки
- CVE-2021-42782
- SUSE Bug 1191957
- SUSE Bug 1192635
- SUSE Bug 1192643
- SUSE Bug 1192786
- SUSE Bug 1193388
Описание
Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow compromise key generation, certificate loading, and other card management operations during enrollment.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.25.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.25.1
Ссылки
- CVE-2023-40661
- SUSE Bug 1215761