Several security issues were fixed in opensc.
Software Description:
- opensc: Smart card utilities with support for PKCS#15 compatible cards
Details:
It was discovered that OpenSC did not correctly handle certain memory
operations, which could lead to a use-after-free vulnerability. An
attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-42780)
It was discovered that OpenSC did not correctly handle certain memory
operations, which could lead to a stack buffer overflow. An attacker
could possibly use this issue to cause a denial of service or execute
arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-42782)
It was discovered that OpenSC did not correctly handle the length of
certain buffers, which could lead to a out-of-bounds access vulnerability.
An attacker could possibly use this issue to cause a denial ...
The problem can be corrected by updating your system to the following package versions: Ubuntu 24.10 opensc 0.25.1-2ubuntu1.1 opensc-pkcs11 0.25.1-2ubuntu1.1 Ubuntu 24.04 LTS opensc 0.25.0~rc1-1ubuntu0.1~esm1 Available with Ubuntu Pro opensc-pkcs11 0.25.0~rc1-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 22.04 LTS opensc 0.22.0-1ubuntu2+esm1 Available with Ubuntu Pro opensc-pkcs11 0.22.0-1ubuntu2+esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS opensc 0.20.0-3ubuntu0.1~esm2 Available with Ubuntu Pro opensc-pkcs11 0.20.0-3ubuntu0.1~esm2 Available with Ubuntu Pro Ubuntu 18.04 LTS opensc 0.17.0-3ubuntu0.1~esm2 Available with Ubuntu Pro opensc-pkcs11 0.17.0-3ubuntu0.1~esm2 Available with Ubuntu Pro Ubuntu 16.04 LTS opensc 0.15.0-1ubuntu1+esm2 Available with Ubuntu Pro opensc-pkcs11 0.15.0-1ubuntu1+esm2 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-7346-1
CVE-2021-42780, CVE-2021-42782, CVE-2023-2977, CVE-2023-40660,
CVE-2023-40661, CVE-2023-5992, CVE-2024-45615, CVE-2024-45616,
CVE-2024-45617, CVE-2024-45618, CVE-2024-45619, CVE-2024-45620,
CVE-2024-8443
Get the latest Linux and open source security news straight to your inbox.