Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

SUSE: 2018:3622-2 Moderate: OpenSC Denial Of Service Fix

suse
Calendar Grey December 10, 2018
Dist Suse Esm H88
SUSE security patch for opensc resolves various vulnerabilities classified as moderate severity, and offers detailed patching instructions.
An update that solves 10 vulnerabilities and has one errata is now available

Summary

This update for opensc fixes the following issues: - CVE-2018-16391: Fixed a denial of service when handling responses from a Muscle Card (bsc#1106998) - CVE-2018-16392: Fixed a denial of service when handling responses from a TCOS Card (bsc#1106999) - CVE-2018-16393: Fixed buffer overflows when handling responses from Gemsafe V1 Smartcards (bsc#1108318) - CVE-2018-16418: Fixed buffer overflow when handling string concatenation in util_acl_to_str (bsc#1107039) - CVE-2018-16419: Fixed several buffer overflows when handling responses from a Cryptoflex card (bsc#1107107) - CVE-2018-16420: Fixed buffer overflows when handling responses from an ePass 2003 Card (bsc#1107097) - CVE-2018-16422: Fixed single byte buffer overflow when handling responses from an esteid Card (bsc#1107038)

References

#1104812 #1106998 #1106999 #1107033 #1107034

#1107037 #1107038 #1107039 #1107097 #1107107

#1108318

Cross- CVE-2018-16391 CVE-2018-16392 CVE-2018-16393

CVE-2018-16418 CVE-2018-16419 CVE-2018-16420

CVE-2018-16422 CVE-2018-16423 CVE-2018-16426

CVE-2018-16427

Affected Products:

SUSE Linux Enterprise Server 12-SP4

SUSE Linux Enterprise Desktop 12-SP4

https://www.suse.com/security/cve/CVE-2018-16391.html

https://www.suse.com/security/cve/CVE-2018-16392.html

https://www.suse.com/security/cve/CVE-2018-16393.html

https://www.suse.com/security/cve/CVE-2018-16418.html

https://www.suse.com/security/cve/CVE-2018-16419.html

https://www.suse.com/security/cve/CVE-2018-16420.html

https://www.suse.com/security/cve/CVE-2018-16422.html

Announcement ID: SUSE-SU-2018:3622-2
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here