Security update for opensc (moderate)

An update that fixes 8 vulnerabilities is now available.

Description:

This update for opensc fixes the following issues:

• CVE-2019-15945: Fixed an out-of-bounds access of an ASN.1 Bitstring in
  decode_bit_string (bsc#1149746).
• CVE-2019-15946: Fixed an out-of-bounds access of an ASN.1 Octet string
  in asn1_decode_entry (bsc#1149747)
• CVE-2019-19479: Fixed an incorrect read operation during parsing of a
  SETCOS file attribute (bsc#1158256)
• CVE-2019-19480: Fixed an improper free operation in
  sc_pkcs15_decode_prkdf_entry (bsc#1158307).
• CVE-2019-20792: Fixed a double free in coolkey_free_private_data
  (bsc#1170809).
• CVE-2020-26570: Fixed a buffer overflow in sc_oberthur_read_file
  (bsc#1177364).
• CVE-2020-26571: Fixed a stack-based buffer overflow in gemsafe GPK smart
  card software driver (bsc#1177380)
• CVE-2020-26572: Fixed a stack-based buffer overflow in tcos_decipher
  (bsc#1177378).

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

• openSUSE Leap 15.2:

  zypper in -t patch openSUSE-2021-565=1