## This update for opensc fixes the following issues: * CVE-2024-8443: Fixed heap buffer overflow in OpenPGP driver when generating key (bsc#1230364) * CVE-2024-45620: Fixed incorrect handling of the length of buffers or files in pkcs15init (bsc#1230076) * CVE-2024-45619: Fixed incorrect handling length of buffers or files in libopensc (bsc#1230075) * CVE-2024-45618: Fixed uninitialized values after incorrect or missing checking return values of functions in pkcs15init (bsc#1230074) * CVE-2024-45617: Fixed uninitialized values after incorrect or missing checking return values of functions in libopensc (bsc#1230073) * CVE-2024-45616: Fixed uninitialized values after incorrect check or usage of APDU response values in libopensc (bsc#1230072)
* bsc#1230071
* bsc#1230072
* bsc#1230073
* bsc#1230074
* bsc#1230075
* bsc#1230076
* bsc#1230364
Cross-
* CVE-2024-45615
* CVE-2024-45616
* CVE-2024-45617
* CVE-2024-45618
* CVE-2024-45619
* CVE-2024-45620
* CVE-2024-8443
CVSS scores:
* CVE-2024-45615 ( SUSE ): 1.0
CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2024-45615 ( SUSE ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45615 ( NVD ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45615 ( NVD ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2024-45616 ( SUSE ): 1.0
CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2024-45616 ( SUSE ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Get the latest Linux and open source security news straight to your inbox.