Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE: 2024:3445-1 low: opensc security patch addressing buffer overflow

suse
Calendar Grey September 25, 2024
Dist Suse Esm H88
The opensc patch release covers several minor vulnerabilities and offers guidance on installation procedures along with details about the systems impacted.
* bsc#1217722 * bsc#1230071 * bsc#1230072 * bsc#1230073 * bsc#1230074

Summary

## This update for opensc fixes the following issues: * CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init. (bsc#1230076) * CVE-2024-45619: Incorrect handling length of buffers or files in libopensc. (bsc#1230075) * CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init. (bsc#1230074) * CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc. (bsc#1230073) * CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc. (bsc#1230072) * CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init. (bsc#1230071) * CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key.

Topics%20covered

Topics Covered

security advisory buffer overflow patch low severity SUSE opensc

References

* bsc#1217722

* bsc#1230071

* bsc#1230072

* bsc#1230073

* bsc#1230074

* bsc#1230075

* bsc#1230076

* bsc#1230364

Cross-

* CVE-2024-45615

* CVE-2024-45616

* CVE-2024-45617

* CVE-2024-45618

* CVE-2024-45619

* CVE-2024-45620

* CVE-2024-8443

CVSS scores:

* CVE-2024-45615 ( SUSE ): 1.0

CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

* CVE-2024-45615 ( SUSE ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

* CVE-2024-45615 ( NVD ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

* CVE-2024-45615 ( NVD ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

* CVE-2024-45616 ( SUSE ): 1.0

CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

* CVE-2024-45616 ( SUSE ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Severity
low
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2024:3445-1
Rating: low

Topics%20covered

Topics Covered

security advisory buffer overflow patch low severity SUSE opensc

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here