Описание
Security update for opensc
This update for opensc fixes the following issues:
- CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init. (bsc#1230076)
- CVE-2024-45619: Incorrect handling length of buffers or files in libopensc. (bsc#1230075)
- CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init. (bsc#1230074)
- CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc. (bsc#1230073)
- CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc. (bsc#1230072)
- CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init. (bsc#1230071)
- CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key. (bsc#1230364)
Список пакетов
Image SLES15-SP4-Hardened-BYOS
Image SLES15-SP4-Hardened-BYOS-Azure
Image SLES15-SP4-Hardened-BYOS-EC2
Image SLES15-SP4-Hardened-BYOS-GCE
Image SLES15-SP4-SAP-Hardened
Image SLES15-SP4-SAP-Hardened-Azure
Image SLES15-SP4-SAP-Hardened-BYOS
Image SLES15-SP4-SAP-Hardened-BYOS-Azure
Image SLES15-SP4-SAP-Hardened-BYOS-EC2
Image SLES15-SP4-SAP-Hardened-BYOS-GCE
Image SLES15-SP4-SAP-Hardened-GCE
Image SLES15-SP5-Hardened-BYOS-Azure
Image SLES15-SP5-Hardened-BYOS-EC2
Image SLES15-SP5-Hardened-BYOS-GCE
Image SLES15-SP5-SAP-Hardened-Azure
Image SLES15-SP5-SAP-Hardened-BYOS-Azure
Image SLES15-SP5-SAP-Hardened-BYOS-EC2
Image SLES15-SP5-SAP-Hardened-BYOS-GCE
Image SLES15-SP5-SAP-Hardened-GCE
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Micro 5.4
SUSE Linux Enterprise Micro 5.5
SUSE Linux Enterprise Module for Basesystem 15 SP5
openSUSE Leap 15.5
openSUSE Leap Micro 5.5
Ссылки
- Link for SUSE-SU-2024:3445-1
- E-Mail link for SUSE-SU-2024:3445-1
- SUSE Security Ratings
- SUSE Bug 1217722
- SUSE Bug 1230071
- SUSE Bug 1230072
- SUSE Bug 1230073
- SUSE Bug 1230074
- SUSE Bug 1230075
- SUSE Bug 1230076
- SUSE Bug 1230364
- SUSE CVE CVE-2024-45615 page
- SUSE CVE CVE-2024-45616 page
- SUSE CVE CVE-2024-45617 page
- SUSE CVE CVE-2024-45618 page
- SUSE CVE CVE-2024-45619 page
- SUSE CVE CVE-2024-45620 page
- SUSE CVE CVE-2024-8443 page
Описание
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.).
Затронутые продукты
Ссылки
- CVE-2024-45615
- SUSE Bug 1230071
Описание
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card.
Затронутые продукты
Ссылки
- CVE-2024-45616
- SUSE Bug 1230072
Описание
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.
Затронутые продукты
Ссылки
- CVE-2024-45617
- SUSE Bug 1230073
Описание
A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.
Затронутые продукты
Ссылки
- CVE-2024-45618
- SUSE Bug 1230074
Описание
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.
Затронутые продукты
Ссылки
- CVE-2024-45619
- SUSE Bug 1230075
Описание
A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.
Затронутые продукты
Ссылки
- CVE-2024-45620
- SUSE Bug 1230076
Описание
A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-of-bound rights, possibly resulting in arbitrary code execution.
Затронутые продукты
Ссылки
- CVE-2024-8443
- SUSE Bug 1230364