Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 31 opensc FEDORA-2020-3c93790abe Critical: Buffer Limit Issues

fedora
Calendar Grey January 24, 2020
Dist Fedora Esm H88
The latest Fedora 31 update for OpenSC introduces essential security patches that tackle various vulnerabilities.
New upstream release with security fixes for CVE-2019-15945, CVE-2019-15946, CVE-2019-19479, CVE-2019-19480, CVE-2019-19481

Summary

OpenSC provides a set of libraries and utilities to work with smart cards. Its

main focus is on cards that support cryptographic operations, and facilitate

their use in security applications such as authentication, mail encryption and

digital signatures. OpenSC implements the PKCS#11 API so applications

supporting this API (such as Mozilla Firefox and Thunderbird) can use it. On

the card OpenSC implements the PKCS#15 standard and aims to be compatible with

every software/card that does so, too.

New upstream release with security fixes for CVE-2019-15945, CVE-2019-15946,

CVE-2019-19479, CVE-2019-19480, CVE-2019-19481

* Fri Jan 10 2020 Jakub Jelen - 0.20.0-3

- Drop the notification support for now

* Fri Jan 10 2020 Jakub Jelen - 0.20.0-2

- Cleanup spec file

- Split notify support to separate subpackage

* Thu Jan 2 2020 Jakub Jelen - 0.20.0-1

- New upstream release (#1749357)

- Fixes for various security issues identified by fuzzing (#1765223, #1765231, #1782520, #1782951, #1782956)

[ 1 ] Bug #1765222 - CVE-2019-15945 opensc: Out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c

https://bugzilla.redhat.com/show_bug.cgi?id=1765222

[ 2 ] Bug #1765229 - CVE-2019-15946 opensc: Out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c

https://bugzilla.redhat.com/show_bug.cgi?id=1765229

[ 3 ] Bug #1782519 - CVE-2019-19479 opensc: incorrect read operation during parsing of a SETCOS file attribute

https://bugzilla.redhat.com/show_bug.cgi?id=1782519

[ 4 ] Bug #1782955 - CVE-2019-19481 opensc: improper handling of buffer limits for CAC certificates

https://bugzilla.redhat.com/show_bug.cgi?id=1782955

su -c 'dnf upgrade --advisory FEDORA-2020-3c93790abe' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory security update Fedora authentication opensc buffer limit cryptographic operations

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 31
Version: 0.20.0
Release: 3.fc31
URL: https://github.com/OpenSC/OpenSC/wiki
Summary: Smart card library and applications

Topics%20covered

Topics Covered

security advisory security update Fedora authentication opensc buffer limit cryptographic operations

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here