Security update for opensc
Announcement ID: | SUSE-SU-2024:3517-1 |
---|---|
Release Date: | 2024-10-03T12:03:40Z |
Rating: | low |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves seven vulnerabilities and has one security fix can now be installed.
Description:
This update for opensc fixes the following issues:
- CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init. (bsc#1230076)
- CVE-2024-45619: Incorrect handling length of buffers or files in libopensc. (bsc#1230075)
- CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init. (bsc#1230074)
- CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc. (bsc#1230073)
- CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc. (bsc#1230072)
- CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init. (bsc#1230071)
- CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key. (bsc#1230364)
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-3517=1
-
SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-3517=1
-
SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-3517=1
Package List:
-
SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
- opensc-debuginfo-0.19.0-150100.3.31.1
- opensc-debugsource-0.19.0-150100.3.31.1
- opensc-0.19.0-150100.3.31.1
-
SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
- opensc-debuginfo-0.19.0-150100.3.31.1
- opensc-debugsource-0.19.0-150100.3.31.1
- opensc-0.19.0-150100.3.31.1
-
SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
- opensc-debuginfo-0.19.0-150100.3.31.1
- opensc-debugsource-0.19.0-150100.3.31.1
- opensc-0.19.0-150100.3.31.1
References:
- https://www.suse.com/security/cve/CVE-2024-45615.html
- https://www.suse.com/security/cve/CVE-2024-45616.html
- https://www.suse.com/security/cve/CVE-2024-45617.html
- https://www.suse.com/security/cve/CVE-2024-45618.html
- https://www.suse.com/security/cve/CVE-2024-45619.html
- https://www.suse.com/security/cve/CVE-2024-45620.html
- https://www.suse.com/security/cve/CVE-2024-8443.html
- https://bugzilla.suse.com/show_bug.cgi?id=1217722
- https://bugzilla.suse.com/show_bug.cgi?id=1230071
- https://bugzilla.suse.com/show_bug.cgi?id=1230072
- https://bugzilla.suse.com/show_bug.cgi?id=1230073
- https://bugzilla.suse.com/show_bug.cgi?id=1230074
- https://bugzilla.suse.com/show_bug.cgi?id=1230075
- https://bugzilla.suse.com/show_bug.cgi?id=1230076
- https://bugzilla.suse.com/show_bug.cgi?id=1230364