Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

SUSE: 2025:20072-1 moderate: opensc security update details

suse
Calendar Grey June 4, 2025
Dist Suse Esm H88
This notification outlines a security enhancement for OpenSC on SUSE, responding to several moderate risk vulnerabilities. Immediate action is required!
* bsc#1230071 * bsc#1230072 * bsc#1230073 * bsc#1230074 * bsc#1230075

Summary

## This update for opensc fixes the following issues: * CVE-2024-8443: Fixed heap buffer overflow in OpenPGP driver when generating key (bsc#1230364) * CVE-2024-45620: Fixed incorrect handling of the length of buffers or files in pkcs15init (bsc#1230076) * CVE-2024-45619: Fixed incorrect handling length of buffers or files in libopensc (bsc#1230075) * CVE-2024-45618: Fixed uninitialized values after incorrect or missing checking return values of functions in pkcs15init (bsc#1230074) * CVE-2024-45617: Fixed uninitialized values after incorrect or missing checking return values of functions in libopensc (bsc#1230073) * CVE-2024-45616: Fixed uninitialized values after incorrect check or usage of APDU response values in libopensc (bsc#1230072)

References

* bsc#1230071

* bsc#1230072

* bsc#1230073

* bsc#1230074

* bsc#1230075

* bsc#1230076

* bsc#1230364

Cross-

* CVE-2024-45615

* CVE-2024-45616

* CVE-2024-45617

* CVE-2024-45618

* CVE-2024-45619

* CVE-2024-45620

* CVE-2024-8443

CVSS scores:

* CVE-2024-45615 ( SUSE ): 1.0

CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

* CVE-2024-45615 ( SUSE ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

* CVE-2024-45615 ( NVD ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

* CVE-2024-45615 ( NVD ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

* CVE-2024-45616 ( SUSE ): 1.0

CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

* CVE-2024-45616 ( SUSE ): 3.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Announcement ID: SUSE-SU-2025:20072-1
Release Date: 2025-02-03T09:03:35Z
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here