Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2021:0565-1

Опубликовано: 16 апр. 2021
Источник: suse-cvrf

Описание

Security update for opensc

This update for opensc fixes the following issues:

  • CVE-2019-15945: Fixed an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string (bsc#1149746).
  • CVE-2019-15946: Fixed an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry (bsc#1149747)
  • CVE-2019-19479: Fixed an incorrect read operation during parsing of a SETCOS file attribute (bsc#1158256)
  • CVE-2019-19480: Fixed an improper free operation in sc_pkcs15_decode_prkdf_entry (bsc#1158307).
  • CVE-2019-20792: Fixed a double free in coolkey_free_private_data (bsc#1170809).
  • CVE-2020-26570: Fixed a buffer overflow in sc_oberthur_read_file (bsc#1177364).
  • CVE-2020-26571: Fixed a stack-based buffer overflow in gemsafe GPK smart card software driver (bsc#1177380)
  • CVE-2020-26572: Fixed a stack-based buffer overflow in tcos_decipher (bsc#1177378).

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Список пакетов

openSUSE Leap 15.2
opensc-0.19.0-lp152.3.3.1
opensc-32bit-0.19.0-lp152.3.3.1

Ссылки

Описание

OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c.

Затронутые продукты
openSUSE Leap 15.2:opensc-0.19.0-lp152.3.3.1
openSUSE Leap 15.2:opensc-32bit-0.19.0-lp152.3.3.1
Ссылки

Описание

OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c.

Затронутые продукты
openSUSE Leap 15.2:opensc-0.19.0-lp152.3.3.1
openSUSE Leap 15.2:opensc-32bit-0.19.0-lp152.3.3.1
Ссылки

Описание

An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute.

Затронутые продукты
openSUSE Leap 15.2:opensc-0.19.0-lp152.3.3.1
openSUSE Leap 15.2:opensc-32bit-0.19.0-lp152.3.3.1
Ссылки

Описание

An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry.

Затронутые продукты
openSUSE Leap 15.2:opensc-0.19.0-lp152.3.3.1
openSUSE Leap 15.2:opensc-32bit-0.19.0-lp152.3.3.1
Ссылки

Описание

OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check.

Затронутые продукты
openSUSE Leap 15.2:opensc-0.19.0-lp152.3.3.1
openSUSE Leap 15.2:opensc-32bit-0.19.0-lp152.3.3.1
Ссылки

Описание

The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file.

Затронутые продукты
openSUSE Leap 15.2:opensc-0.19.0-lp152.3.3.1
openSUSE Leap 15.2:opensc-32bit-0.19.0-lp152.3.3.1
Ссылки

Описание

The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.

Затронутые продукты
openSUSE Leap 15.2:opensc-0.19.0-lp152.3.3.1
openSUSE Leap 15.2:opensc-32bit-0.19.0-lp152.3.3.1
Ссылки

Описание

The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.

Затронутые продукты
openSUSE Leap 15.2:opensc-0.19.0-lp152.3.3.1
openSUSE Leap 15.2:opensc-32bit-0.19.0-lp152.3.3.1
Ссылки
Уязвимость openSUSE-SU-2021:0565-1