SCIENTIFIC-LINUX-ERRATA Archives

August 2019

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Farhan Ahmed <[log in to unmask]>
Date: Mon, 26 Aug 2019 19:03:59 -0000

Synopsis: Moderate: opensc security, bug fix, and enhancement update
Advisory ID: SLSA-2019:2154-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-16391
                   CVE-2018-16418
                   CVE-2018-16419
                   CVE-2018-16422
                   CVE-2018-16420
                   CVE-2018-16427
                   CVE-2018-16421
                   CVE-2018-16423
                   CVE-2018-16392
                   CVE-2018-16426
                   CVE-2018-16393
--

The following packages have been upgraded to a later upstream version:
opensc (0.19.0).

Security Fix(es):

* opensc: Buffer overflows handling responses from Muscle Cards in
card-muscle.c:muscle_list_files() (CVE-2018-16391)

* opensc: Buffer overflows handling responses from TCOS Cards in
card-tcos.c:tcos_select_file() (CVE-2018-16392)

* opensc: Buffer overflows handling responses from Gemsafe V1 Smartcards
in pkcs15-gemsafeV1.c:gemsafe_get_cert_len() (CVE-2018-16393)

* opensc: Buffer overflow handling string concatenation in
tools/util.c:util_acl_to_str() (CVE-2018-16418)

* opensc: Buffer overflow handling responses from Cryptoflex cards in
cryptoflex-tool.c:read_public_key() (CVE-2018-16419)

* opensc: Buffer overflows handling responses from ePass 2003 Cards in
card-epass2003.c:decrypt_response() (CVE-2018-16420)

* opensc: Buffer overflows handling responses from CAC Cards in
card-cac.c:cac_get_serial_nr_from_CUID() (CVE-2018-16421)

* opensc: Buffer overflow handling responses from esteid cards in
pkcs15-esteid.c:sc_pkcs15emu_esteid_init() (CVE-2018-16422)

* opensc: Double free handling responses from smartcards in
libopensc/sc.c:sc_file_set_sec_attr() (CVE-2018-16423)

* opensc: Out of bounds reads handling responses from smartcards
(CVE-2018-16427)

* opensc: Infinite recursion handling responses from IAS-ECC cards in
card-iasecc.c:iasecc_select_file() (CVE-2018-16426)
--

SL7
  x86_64
    opensc-0.19.0-3.el7.x86_64.rpm
    opensc-0.19.0-3.el7.i686.rpm
    opensc-debuginfo-0.19.0-3.el7.i686.rpm
    opensc-debuginfo-0.19.0-3.el7.x86_64.rpm
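An added check, not part of this advisory or of the opensc project: it compares the epoch:version-release of the installed opensc package against the fixed build listed above (0.19.0-3.el7) using a simplified port of rpm's version-comparison rules (tilde handled, caret not), so an older build is reported as still affected. The sample EVR strings below are constructed for illustration.

```python
import re
import subprocess

# Fixed build from the package list above; no epoch is set on this package.
FIXED_EVR = "0:0.19.0-3.el7"


def _segments(s):
    # rpm compares maximal runs of digits or letters; separators are skipped.
    return re.findall(r"\d+|[A-Za-z]+|~", s)


def rpm_vercmp(a, b):
    """Simplified rpmvercmp: 1 if a is newer, -1 if older, 0 if equal."""
    if a == b:
        return 0
    ta, tb = _segments(a), _segments(b)
    i = 0
    while True:
        x = ta[i] if i < len(ta) else None
        y = tb[i] if i < len(tb) else None
        if x == "~" or y == "~":          # '~' sorts before anything, even end
            if x != "~":
                return 1
            if y != "~":
                return -1
            i += 1
            continue
        if x is None or y is None:
            break
        if x.isdigit() != y.isdigit():    # numeric segment beats alpha segment
            return 1 if x.isdigit() else -1
        if x.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x != y:
            return 1 if x > y else -1
        i += 1
    if x is None and y is None:
        return 0
    return -1 if x is None else 1         # the string with segments left is newer


def _split_evr(evr):
    epoch, sep, rest = evr.partition(":")
    if not sep:                           # no epoch given
        epoch, rest = "0", evr
    if epoch == "(none)":                 # rpm prints this for a missing epoch
        epoch = "0"
    version, _, release = rest.partition("-")
    return int(epoch), version, release


def evr_cmp(a, b):
    ea, va, ra = _split_evr(a)
    eb, vb, rb = _split_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpm_vercmp(va, vb) or rpm_vercmp(ra, rb)


def is_patched(installed_evr, fixed_evr=FIXED_EVR):
    return evr_cmp(installed_evr, fixed_evr) >= 0


if __name__ == "__main__":
    # Query the local rpm database; one line per installed arch.
    q = subprocess.run(["rpm", "-q", "--qf", "%{EPOCH}:%{VERSION}-%{RELEASE}\n",
                        "opensc"], capture_output=True, text=True)
    if q.returncode != 0:
        print("opensc is not installed")
    for evr in q.stdout.split():
        print(evr, "patched" if is_patched(evr) else "AFFECTED, update required")
```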

- Scientific Linux Development Team
