
SUSE Linux Enterprise Micro opensc Low Attack Surface Advisory 2026-1477-1

suse
April 20, 2026
Update addresses four identified issues in opensc with low severity. Recommended patch for SUSE Linux users.
An update that solves four vulnerabilities can now be installed.

Summary

This update for opensc fixes the following issues:

* CVE-2025-49010: specially crafted smart card or USB device can lead to a stack buffer overflow write in `GET RESPONSE` (bsc#1261214).

* CVE-2025-66037: specially crafted input processed by the `fuzz_pkcs15_reader` harness can lead to an out-of-bounds heap read in the X.509/SPKI handling path (bsc#1261218).

* CVE-2025-66038: improper compact-TLV length validation can lead to the dereferencing of out-of-bounds pointers and memory corruption (bsc#1261219).

* CVE-2025-66215: specially crafted smart card or USB device can lead to a stack buffer overflow write in `card-oberthur` (bsc#1261220).

Patch Instructions

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
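The length check that the CVE-2025-66038 entry above refers to, shown as an added example: a bounds-checked compact-TLV lookup. This is not OpenSC's code or the upstream fix; the function name `ctlv_find` and the sample buffers are constructed for illustration, and the layout assumed is the ISO/IEC 7816-4 compact-TLV header (high nibble tag, low nibble length).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Look up a compact-TLV object in buf[0..len). Each object is one header
 * byte (high nibble = tag, low nibble = value length 0..15) followed by the
 * value. Returns a pointer to the value and stores its length in *out_len,
 * or returns NULL if the tag is absent or any object is truncated.
 * Hypothetical helper, not an OpenSC API.
 */
const uint8_t *ctlv_find(const uint8_t *buf, size_t len,
                         uint8_t tag, size_t *out_len)
{
    size_t pos = 0;

    if (buf == NULL || out_len == NULL)
        return NULL;

    while (pos < len) {
        uint8_t hdr = buf[pos++];
        size_t vlen = hdr & 0x0F;

        /* Reject a declared length that runs past the end of the buffer.
         * Written as a subtraction so the comparison cannot wrap. */
        if (vlen > len - pos)
            return NULL;

        if ((hdr >> 4) == tag) {
            *out_len = vlen;
            return buf + pos;
        }
        pos += vlen;            /* safe: vlen <= len - pos */
    }
    return NULL;
}

/* Constructed sample data: tag 3 (1 byte), then tag 7. */
static const uint8_t sample_ok[]    = { 0x31, 0xAA, 0x73, 0x01, 0x02, 0x03 };
/* Same, but tag 7 declares 15 bytes while only 2 remain. */
static const uint8_t sample_trunc[] = { 0x31, 0xAA, 0x7F, 0x01, 0x02 };

int main(void)
{
    size_t n = 0;
    const uint8_t *v = ctlv_find(sample_ok, sizeof sample_ok, 0x7, &n);
    printf("well-formed: %s, length %zu\n", v ? "found" : "rejected", n);
    v = ctlv_find(sample_trunc, sizeof sample_trunc, 0x7, &n);
    printf("truncated:   %s\n", v ? "found" : "rejected");
    return 0;
}
```

Without the `vlen > len - pos` check, the returned pointer and length for the truncated buffer would describe memory beyond the input, which is the out-of-bounds condition the advisory names.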

References

* bsc#1261214

* bsc#1261218

* bsc#1261219

* bsc#1261220

Cross-

* CVE-2025-49010

* CVE-2025-66037

* CVE-2025-66038

* CVE-2025-66215

CVSS scores:

* CVE-2025-49010 (SUSE): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

* CVE-2025-49010 (SUSE): 3.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

* CVE-2025-49010 (NVD): 3.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

* CVE-2025-49010 (NVD): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-66037 (SUSE): 1.0 CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

* CVE-2025-66037 (SUSE): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

* CVE-2025-66037 (NVD): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity
low

Announcement ID: SUSE-SU-2026:1477-1
Release Date: 2026-04-20T10:08:55Z
Rating: low
