Fedora 38: Security Advisory for OpenSC Critical Memory & PIN Issues

fedora

December 23, 2023

New upstream release (#2240701) with security fixes for CVE-2023-40660, CVE-2023-4535, CVE-2023-40661

Summary

OpenSC provides a set of libraries and utilities to work with smart cards. Its

main focus is on cards that support cryptographic operations, and facilitate

their use in security applications such as authentication, mail encryption and

digital signatures. OpenSC implements the PKCS#11 API so applications

supporting this API (such as Mozilla Firefox and Thunderbird) can use it. On

the card OpenSC implements the PKCS#15 standard and aims to be compatible with

every software/card that does so, too.

Update Information:

New upstream release (#2240701) with security fixes for CVE-2023-40660, CVE-2023-4535, CVE-2023-40661

Topics Covered

security advisory update Fedora memory issue smart card PIN bypass

Change Log

* Thu Dec 14 2023 Veronika Hanulikova - 0.24.0-1 - New upstream release (#2240701)

References

[ 1 ] Bug #2240912 - CVE-2023-40660 OpenSC: Potential PIN bypass when card tracks its own login state https://bugzilla.redhat.com/show_bug.cgi?id=2240912 [ 2 ] Bug #2240913 - CVE-2023-40661 OpenSC: multiple memory issues with pkcs15-init (enrollment tool) https://bugzilla.redhat.com/show_bug.cgi?id=2240913 [ 3 ] Bug #2240914 - CVE-2023-4535 OpenSC: out-of-bounds read in MyEID driver handling encryption using symmetric keys https://bugzilla.redhat.com/show_bug.cgi?id=2240914

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-c7e4c9af51' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity

critical

Lowest

Low

Medium

High

Critical

Name: opensc

Product: Fedora 38

Version: 0.24.0

Release: 1.fc38

URL: https://github.com/OpenSC/OpenSC/wiki

Summary: Smart card library and applications

Topics Covered

security advisory update Fedora memory issue smart card PIN bypass

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Fedora 38: Security Advisory for OpenSC Critical Memory & PIN Issues

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Fedora 38: Security Advisory for OpenSC Critical Memory & PIN Issues

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!