USN-7346-1 introduced a regression in OpenSC.
Software Description:
- opensc: Smart card utilities with support for PKCS#15 compatible cards
Details:
USN-7346-1 fixed vulnerabilities in OpenSC. The update introduced a
regression which broke smartcard based authentication. This update fixes
the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that OpenSC did not correctly handle certain memory
operations, which could lead to a use-after-free vulnerability. An
attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-42780)
It was discovered that OpenSC did not correctly handle certain memory
operations, which could lead to a stack buffer overflow. An attacker
could possibly use this issue to cause a denial of service or execute
arbitrary code. This issue onl...
The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS opensc 0.20.0-3ubuntu0.1~esm4 Available with Ubuntu Pro opensc-pkcs11 0.20.0-3ubuntu0.1~esm4 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-7346-3
https://ubuntu.com/security/notices/USN-7346-2
https://ubuntu.com/security/notices/USN-7346-1
CVE-2021-42780, CVE-2021-42782, CVE-2023-2977, CVE-2023-40660,
CVE-2023-40661, CVE-2024-45615, CVE-2024-45616, CVE-2024-45617,
CVE-2024-45618, CVE-2024-45620, CVE-2024-8443,
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/2104948
Get the latest Linux and open source security news straight to your inbox.