 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Mon, 26 Aug 2019 19:03:59 -0000 |
| Content-Type: | text/plain |
| Parts/Attachments: |
|
|
Synopsis: Moderate: opensc security, bug fix, and enhancement update
Advisory ID: SLSA-2019:2154-1
Issue Date: 2019-08-06
CVE Numbers: CVE-2018-16391
CVE-2018-16418
CVE-2018-16419
CVE-2018-16422
CVE-2018-16420
CVE-2018-16427
CVE-2018-16421
CVE-2018-16423
CVE-2018-16392
CVE-2018-16426
CVE-2018-16393
--
The following packages have been upgraded to a later upstream version:
opensc (0.19.0).
Security Fix(es):
* opensc: Buffer overflows handling responses from Muscle Cards in card-
muscle.c:muscle_list_files() (CVE-2018-16391)
* opensc: Buffer overflows handling responses from TCOS Cards in card-
tcos.c:tcos_select_file() (CVE-2018-16392)
* opensc: Buffer overflows handling responses from Gemsafe V1 Smartcards
in pkcs15-gemsafeV1.c:gemsafe_get_cert_len() (CVE-2018-16393)
* opensc: Buffer overflow handling string concatention in
tools/util.c:util_acl_to_str() (CVE-2018-16418)
* opensc: Buffer overflow handling responses from Cryptoflex cards in
cryptoflex-tool.c:read_public_key() (CVE-2018-16419)
* opensc: Buffer overflows handling responses from ePass 2003 Cards in
card-epass2003.c:decrypt_response() (CVE-2018-16420)
* opensc: Buffer overflows handling responses from CAC Cards in card-
cac.c:cac_get_serial_nr_from_CUID() (CVE-2018-16421)
* opensc: Buffer overflow handling responses from esteid cards in
pkcs15-esteid.c:sc_pkcs15emu_esteid_init() (CVE-2018-16422)
* opensc: Double free handling responses from smartcards in
libopensc/sc.c:sc_file_set_sec_attr() (CVE-2018-16423)
* opensc: Out of bounds reads handling responses from smartcards
(CVE-2018-16427)
* opensc: Infinite recusrion handling responses from IAS-ECC cards in
card-iasecc.c:iasecc_select_file() (CVE-2018-16426)
--
SL7
x86_64
opensc-0.19.0-3.el7.x86_64.rpm
opensc-0.19.0-3.el7.i686.rpm
opensc-debuginfo-0.19.0-3.el7.i686.rpm
opensc-debuginfo-0.19.0-3.el7.x86_64.rpm
- Scientific Linux Development Team
|
|
|
