Adsons

    Mageia 2019-0019: opensc security update

    Date08 Jan 2019
    CategoryMageia
    39
    Posted ByLinuxSecurity Advisories
    Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact (CVE-2018-16391).
    MGASA-2019-0019 - Updated opensc packages fix security vulnerabilities
    
    Publication date: 08 Jan 2019
    URL: https://advisories.mageia.org/MGASA-2019-0019.html
    Type: security
    Affected Mageia releases: 6
    CVE: CVE-2018-16391,
         CVE-2018-16392,
         CVE-2018-16393,
         CVE-2018-16418,
         CVE-2018-16419,
         CVE-2018-16420,
         CVE-2018-16421,
         CVE-2018-16422,
         CVE-2018-16423,
         CVE-2018-16424,
         CVE-2018-16425,
         CVE-2018-16426,
         CVE-2018-16427
    
    Several buffer overflows when handling responses from a Muscle Card in
    muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1
    could be used by attackers able to supply crafted smartcards to cause a
    denial of service (application crash) or possibly have unspecified other
    impact (CVE-2018-16391).
    
    Several buffer overflows when handling responses from a TCOS Card in
    tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1
    could be used by attackers able to supply crafted smartcards to cause a
    denial of service (application crash) or possibly have unspecified other
    impact (CVE-2018-16392).
    
    Several buffer overflows when handling responses from a Gemsafe V1
    Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in
    OpenSC before 0.19.0-rc1 could be used by attackers able to supply
    crafted smartcards to cause a denial of service (application crash) or
    possibly have unspecified other impact (CVE-2018-16393).
    
    A buffer overflow when handling string concatenation in util_acl_to_str
    in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers
    able to supply crafted smartcards to cause a denial of service
    (application crash) or possibly have unspecified other impact
    (CVE-2018-16418).
    
    Several buffer overflows when handling responses from a Cryptoflex card
    in read_public_key in tools/cryptoflex-tool.c in OpenSC before
    0.19.0-rc1 could be used by attackers able to supply crafted smartcards
    to cause a denial of service (application crash) or possibly have
    unspecified other impact (CVE-2018-16419).
    
    Several buffer overflows when handling responses from an ePass 2003 Card
    in decrypt_response in libopensc/card-epass2003.c in OpenSC before
    0.19.0-rc1 could be used by attackers able to supply crafted smartcards
    to cause a denial of service (application crash) or possibly have
    unspecified other impact (CVE-2018-16420).
    
    Several buffer overflows when handling responses from a CAC Card in
    cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before
    0.19.0-rc1 could be used by attackers able to supply crafted smartcards
    to cause a denial of service (application crash) or possibly have
    unspecified other impact (CVE-2018-16421).
    
    A single byte buffer overflow when handling responses from an esteid
    Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC
    before 0.19.0-rc1 could be used by attackers able to supply crafted
    smartcards to cause a denial of service (application crash) or possibly
    have unspecified other impact (CVE-2018-16422).
    
    A double free when handling responses from a smartcard in
    sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could
    be used by attackers able to supply crafted smartcards to cause a denial
    of service (application crash) or possibly have unspecified other impact
    (CVE-2018-16423).
    
    A double free when handling responses in read_file in
    tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1
    could be used by attackers able to supply crafted smartcards to cause a
    denial of service (application crash) or possibly have unspecified other
    impact (CVE-2018-16424).
    
    A double free when handling responses from an HSM Card in
    sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before
    0.19.0-rc1 could be used by attackers able to supply crafted smartcards
    to cause a denial of service (application crash) or possibly have
    unspecified other impact (CVE-2018-16425).
    
    Endless recursion when handling responses from an IAS-ECC card in
    iasecc_select_file in libopensc/card-iasecc.c in OpenSC before
    0.19.0-rc1 could be used by attackers able to supply crafted smartcards
    to hang or crash the opensc library using programs (CVE-2018-16426).
    
    Various out of bounds reads when handling responses in OpenSC before
    0.19.0-rc1 could be used by attackers able to supply crafted smartcards
    to potentially crash the opensc library using programs (CVE-2018-16427).
    
    References:
    - https://bugs.mageia.org/show_bug.cgi?id=23447
    - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/FELOINZJEHXTJ757WSU4HYL5HWENARJH/
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16391
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16392
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16393
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16418
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16419
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16420
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16421
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16422
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16423
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16424
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16425
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16426
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16427
    
    SRPMS:
    - 6/core/opensc-0.19.0-1.mga6
    

    Sidebar Ad

    LinuxSecurity Poll

    Does your company/organization utilize open-source software?

    Message!

    Poll results are hidden from public viewing.

    You are not authorized to vote on this poll.

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /component/communitypolls/?task=poll.vote
    5
    radio
    bottom200

    Advisories