This update for opensc fixes the following issues
* CVE-2025-49010: stack-buffer-overflow via crafted smart card or USB device
responses (bsc#1261214).
* CVE-2025-66037: crafted input can cause an out-of-bounds read (bsc#1261218).
* CVE-2025-66038: improper compact-TLV length validation can lead to crash or
unexpected behavior (bsc#1261219).
* CVE-2025-66215: crafted smart card or USB device can cause a stack-buffer-
overflow write (bsc#1261220).
* CVE-2026-10275: global buffer overflow during key pair generation tests due
to missing input validation (bsc#1267246).
* CVE-2026-40528: stack and heap buffer overrun in the `do_key_value()`
function due to missing length check allows for memory corruption via a
crafted profile configuration file (bsc#1266963).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2697=1
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2697=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2697=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2697=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* opensc-0.22.0-150600.11.11.1
* opensc-debuginfo-0.22.0-150600.11.11.1
* opensc-debugsource-0.22.0-150600.11.11.1
* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* opensc-0.22.0-150600.11.11.1
* opensc-debuginfo-0.22.0-150600.11.11.1
* opensc-debugsource-0.22.0-150600.11.11.1
* openSUSE Leap 15.6 (x86_64)
* opensc-32bit-0.22.0-150600.11.11.1
* opensc-32bit-debuginfo-0.22.0-150600.11.11.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* opensc-64bit-debuginfo-0.22.0-150600.11.11.1
* opensc-64bit-0.22.0-150600.11.11.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* opensc-0.22.0-150600.11.11.1
* opensc-debuginfo-0.22.0-150600.11.11.1
* opensc-debugsource-0.22.0-150600.11.11.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* opensc-0.22.0-150600.11.11.1
* opensc-debuginfo-0.22.0-150600.11.11.1
* opensc-debugsource-0.22.0-150600.11.11.1
* bsc#1261214
* bsc#1261218
* bsc#1261219
* bsc#1261220
* bsc#1266963
* bsc#1267246
## References:
* https://www.suse.com/security/cve/CVE-2025-49010.html
* https://www.suse.com/security/cve/CVE-2025-66037.html
* https://www.suse.com/security/cve/CVE-2025-66038.html
* https://www.suse.com/security/cve/CVE-2025-66215.html
* https://www.suse.com/security/cve/CVE-2026-10275.html
* https://www.suse.com/security/cve/CVE-2026-40528.html
* https://bugzilla.suse.com/show_bug.cgi?id=1261214
* https://bugzilla.suse.com/show_bug.cgi?id=1261218
* https://bugzilla.suse.com/show_bug.cgi?id=1261219
* https://bugzilla.suse.com/show_bug.cgi?id=1261220
* https://bugzilla.suse.com/show_bug.cgi?id=1266963
* https://bugzilla.suse.com/show_bug.cgi?id=1267246
Get the latest Linux and open source security news straight to your inbox.