Lucene search

K
suseSuseOPENSUSE-SU-2021:0565-1
HistoryApr 17, 2021 - 12:00 a.m.

Security update for opensc (moderate)

2021-04-1700:00:00
lists.opensuse.org
17

EPSS

0.002

Percentile

54.7%

An update that fixes 8 vulnerabilities is now available.

Description:

This update for opensc fixes the following issues:

  • CVE-2019-15945: Fixed an out-of-bounds access of an ASN.1 Bitstring in
    decode_bit_string (bsc#1149746).
  • CVE-2019-15946: Fixed an out-of-bounds access of an ASN.1 Octet string
    in asn1_decode_entry (bsc#1149747)
  • CVE-2019-19479: Fixed an incorrect read operation during parsing of a
    SETCOS file attribute (bsc#1158256)
  • CVE-2019-19480: Fixed an improper free operation in
    sc_pkcs15_decode_prkdf_entry (bsc#1158307).
  • CVE-2019-20792: Fixed a double free in coolkey_free_private_data
    (bsc#1170809).
  • CVE-2020-26570: Fixed a buffer overflow in sc_oberthur_read_file
    (bsc#1177364).
  • CVE-2020-26571: Fixed a stack-based buffer overflow in gemsafe GPK smart
    card software driver (bsc#1177380)
  • CVE-2020-26572: Fixed a stack-based buffer overflow in tcos_decipher
    (bsc#1177378).

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.2:

    zypper in -t patch openSUSE-2021-565=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap15.2i586< - openSUSE Leap 15.2 (i586 x86_64):- openSUSE Leap 15.2 (i586 x86_64):.i586.rpm
openSUSE Leap15.2x86_64< - openSUSE Leap 15.2 (i586 x86_64):- openSUSE Leap 15.2 (i586 x86_64):.x86_64.rpm
openSUSE Leap15.2x86_64< - openSUSE Leap 15.2 (x86_64):- openSUSE Leap 15.2 (x86_64):.x86_64.rpm