Description
Security update for opensc
This update for opensc fixes the following issues:
- CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init. (bsc#1230076)
- CVE-2024-45619: Incorrect handling of the length of buffers or files in libopensc. (bsc#1230075)
- CVE-2024-45618: Uninitialized values after incorrect or missing checking of return values of functions in pkcs15init. (bsc#1230074)
- CVE-2024-45617: Uninitialized values after incorrect or missing checking of return values of functions in libopensc. (bsc#1230073)
- CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc. (bsc#1230072)
- CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init. (bsc#1230071)
- CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key. (bsc#1230364)
Package list
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP5
References
- Link for SUSE-SU-2024:3443-1
- E-Mail link for SUSE-SU-2024:3443-1
- SUSE Security Ratings
- SUSE Bug 1217722
- SUSE Bug 1230071
- SUSE Bug 1230072
- SUSE Bug 1230073
- SUSE Bug 1230074
- SUSE Bug 1230075
- SUSE Bug 1230076
- SUSE Bug 1230364
- SUSE CVE CVE-2024-45615 page
- SUSE CVE CVE-2024-45616 page
- SUSE CVE CVE-2024-45617 page
- SUSE CVE CVE-2024-45618 page
- SUSE CVE CVE-2024-45619 page
- SUSE CVE CVE-2024-45620 page
- SUSE CVE CVE-2024-8443 page
Description
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.).
Affected products
References
- CVE-2024-45615
- SUSE Bug 1230071
Description
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card.
Affected products
References
- CVE-2024-45616
- SUSE Bug 1230072
Description
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.
Affected products
References
- CVE-2024-45617
- SUSE Bug 1230073
Description
A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.
Affected products
References
- CVE-2024-45618
- SUSE Bug 1230074
Description
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.
Affected products
References
- CVE-2024-45619
- SUSE Bug 1230075
Description
A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.
Affected products
References
- CVE-2024-45620
- SUSE Bug 1230076
Description
A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bounds writes, possibly resulting in arbitrary code execution.
Affected products
References
- CVE-2024-8443
- SUSE Bug 1230364