Synopsis:     Moderate: opensc security, bug fix, and enhancement update
Advisory ID:  SLSA-2019:2154-1
Issue Date:   2019-08-06
CVE Numbers:  CVE-2018-16391
              CVE-2018-16418
              CVE-2018-16419
              CVE-2018-16422
              CVE-2018-16420
              CVE-2018-16427
              CVE-2018-16421
              CVE-2018-16423
              CVE-2018-16392
              CVE-2018-16426
              CVE-2018-16393
--

The following packages have been upgraded to a later upstream version: opensc (0.19.0).

Security Fix(es):

* opensc: Buffer overflows handling responses from Muscle Cards in card-muscle.c:muscle_list_files() (CVE-2018-16391)

* opensc: Buffer overflows handling responses from TCOS Cards in card-tcos.c:tcos_select_file() (CVE-2018-16392)

* opensc: Buffer overflows handling responses from Gemsafe V1 Smartcards in pkcs15-gemsafeV1.c:gemsafe_get_cert_len() (CVE-2018-16393)

* opensc: Buffer overflow handling string concatenation in tools/util.c:util_acl_to_str() (CVE-2018-16418)

* opensc: Buffer overflow handling responses from Cryptoflex cards in cryptoflex-tool.c:read_public_key() (CVE-2018-16419)

* opensc: Buffer overflows handling responses from ePass 2003 Cards in card-epass2003.c:decrypt_response() (CVE-2018-16420)

* opensc: Buffer overflows handling responses from CAC Cards in card-cac.c:cac_get_serial_nr_from_CUID() (CVE-2018-16421)

* opensc: Buffer overflow handling responses from esteid cards in pkcs15-esteid.c:sc_pkcs15emu_esteid_init() (CVE-2018-16422)

* opensc: Double free handling responses from smartcards in libopensc/sc.c:sc_file_set_sec_attr() (CVE-2018-16423)

* opensc: Out of bounds reads handling responses from smartcards (CVE-2018-16427)

* opensc: Infinite recursion handling responses from IAS-ECC cards in card-iasecc.c:iasecc_select_file() (CVE-2018-16426)
--

SL7
  x86_64
    opensc-0.19.0-3.el7.x86_64.rpm
    opensc-0.19.0-3.el7.i686.rpm
    opensc-debuginfo-0.19.0-3.el7.i686.rpm
    opensc-debuginfo-0.19.0-3.el7.x86_64.rpm

- Scientific Linux Development Team