Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 591
Alerts This Week
Warning Icon 1 591

SUSE: 2022:1041-1 Critical: OpenSC Buffer Overflow and Memory Leak

suse
Calendar Grey March 30, 2022
Dist Suse Esm H88
Urgent SUSE Security Patch resolves 14 vulnerabilities in opensc including comprehensive remediation guidelines and impacted software listings.
An update that solves 13 vulnerabilities and has one errata is now available

Summary

This update for opensc fixes the following issues: Security issues fixed: - CVE-2021-42780: Fixed use after return in insert_pin() (bsc#1192005). - CVE-2021-42779: Fixed use after free in sc_file_valid() (bsc#1191992). - CVE-2021-42781: Fixed multiple heap buffer overflows in pkcs15-oberthur.c (bsc#1192000). - CVE-2021-42782: Stack buffer overflow issues in various places (bsc#1191957). - CVE-2019-6502: Fixed a memory leak in sc_context_create() (bsc#1122756). - CVE-2020-26570: Fixed a heap based buffer overflow in sc_oberthur_read_file (bsc#1177364). - CVE-2020-26572: Prevent out of bounds write (bsc#1177378) - CVE-2020-26571: gemsafe GPK smart card software driver stack-based buffer overflow (bsc#1177380) - CVE-2019-15946: out-of-bounds access of an ASN.1 Octet string in

References

#1114649 #1122756 #1149746 #1149747 #1158256

#1158305 #1170809 #1177364 #1177378 #1177380

#1191957 #1191992 #1192000 #1192005

Cross- CVE-2019-15945 CVE-2019-15946 CVE-2019-19479

CVE-2019-19481 CVE-2019-20792 CVE-2019-6502

CVE-2020-26570 CVE-2020-26571 CVE-2020-26572

CVE-2021-42779 CVE-2021-42780 CVE-2021-42781

CVE-2021-42782

CVSS scores:

CVE-2019-15945 (NVD) : 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2019-15945 (SUSE): 5.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CVE-2019-15946 (NVD) : 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2019-15946 (SUSE): 5.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CVE-2019-19479 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:1041-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.