Lucene search

AmazonALAS-2024-2566

HistoryJun 06, 2024 - 8:17 p.m.

Medium: opensc

2024-06-0620:17:00

alas.aws.amazon.com

opensc

vulnerability

pkcs#1 encryption

padding removal

side-channel resistant

private data

cve-2023-5992

update

amazon linux 2

red hat

mitre

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

36.9%

JSON

Issue Overview:

A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data. (CVE-2023-5992)

Affected Packages:

opensc

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update opensc to update your system.

New Packages:

aarch64:  
    opensc-0.19.0-6.amzn2.0.1.aarch64  
    opensc-debuginfo-0.19.0-6.amzn2.0.1.aarch64  
  
i686:  
    opensc-0.19.0-6.amzn2.0.1.i686  
    opensc-debuginfo-0.19.0-6.amzn2.0.1.i686  
  
src:  
    opensc-0.19.0-6.amzn2.0.1.src  
  
x86_64:  
    opensc-0.19.0-6.amzn2.0.1.x86_64  
    opensc-debuginfo-0.19.0-6.amzn2.0.1.x86_64

Additional References

Red Hat: CVE-2023-5992

Mitre: CVE-2023-5992

OSVersionArchitecturePackageVersionFilename
Amazon Linux2aarch64opensc< 0.19.0-6.amzn2.0.1opensc-0.19.0-6.amzn2.0.1.aarch64.rpm
Amazon Linux2aarch64opensc-debuginfo< 0.19.0-6.amzn2.0.1opensc-debuginfo-0.19.0-6.amzn2.0.1.aarch64.rpm
Amazon Linux2i686opensc< 0.19.0-6.amzn2.0.1opensc-0.19.0-6.amzn2.0.1.i686.rpm
Amazon Linux2i686opensc-debuginfo< 0.19.0-6.amzn2.0.1opensc-debuginfo-0.19.0-6.amzn2.0.1.i686.rpm
Amazon Linux2x86_64opensc< 0.19.0-6.amzn2.0.1opensc-0.19.0-6.amzn2.0.1.x86_64.rpm
Amazon Linux2x86_64opensc-debuginfo< 0.19.0-6.amzn2.0.1opensc-debuginfo-0.19.0-6.amzn2.0.1.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
Amazon Linux	2	aarch64	opensc	< 0.19.0-6.amzn2.0.1	opensc-0.19.0-6.amzn2.0.1.aarch64.rpm
Amazon Linux	2	aarch64	opensc-debuginfo	< 0.19.0-6.amzn2.0.1	opensc-debuginfo-0.19.0-6.amzn2.0.1.aarch64.rpm
Amazon Linux	2	i686	opensc	< 0.19.0-6.amzn2.0.1	opensc-0.19.0-6.amzn2.0.1.i686.rpm
Amazon Linux	2	i686	opensc-debuginfo	< 0.19.0-6.amzn2.0.1	opensc-debuginfo-0.19.0-6.amzn2.0.1.i686.rpm
Amazon Linux	2	x86_64	opensc	< 0.19.0-6.amzn2.0.1	opensc-0.19.0-6.amzn2.0.1.x86_64.rpm
Amazon Linux	2	x86_64	opensc-debuginfo	< 0.19.0-6.amzn2.0.1	opensc-debuginfo-0.19.0-6.amzn2.0.1.x86_64.rpm