Advisories


- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2832-1                [email protected]
https://www.debian.org/lts/security/                          Adrian Bunk
November 29, 2021                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : opensc
Version        : 0.16.0-3+deb9u2
CVE ID         : CVE-2019-15945 CVE-2019-15946 CVE-2019-19479 CVE-2020-26570 
                 CVE-2020-26571 CVE-2020-26572
Debian Bug     : 939668 939669 947383 972035 972036 972037

Several vulnerabilities were fixed in the OpenSC smart card utilities.

CVE-2019-15945

    Out-of-bounds access of an ASN.1 Bitstring.

CVE-2019-15946

    Out-of-bounds access of an ASN.1 Octet string.

CVE-2019-19479

    Incorrect read operation in the Setec driver.

CVE-2020-26570

    Heap-based buffer overflow in the Oberthur driver.

CVE-2020-26571

    Stack-based buffer overflow in the GPK driver.

CVE-2020-26572

    Stack-based buffer overflow in the TCOS driver.

For Debian 9 stretch, these problems have been fixed in version
0.16.0-3+deb9u2.

We recommend that you upgrade your opensc packages.

For the detailed security status of opensc please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/opensc

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Debian LTS: DLA-2832-1: opensc security update

November 29, 2021
Several vulnerabilities were fixed in the OpenSC smart card utilities

Summary

CVE-2019-15945

Out-of-bounds access of an ASN.1 Bitstring.

CVE-2019-15946

Out-of-bounds access of an ASN.1 Octet string.

CVE-2019-19479

Incorrect read operation in the Setec driver.

CVE-2020-26570

Heap-based buffer overflow in the Oberthur driver.

CVE-2020-26571

Stack-based buffer overflow in the GPK driver.

CVE-2020-26572

Stack-based buffer overflow in the TCOS driver.

For Debian 9 stretch, these problems have been fixed in version
0.16.0-3+deb9u2.

We recommend that you upgrade your opensc packages.

For the detailed security status of opensc please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/opensc

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Severity
Package : opensc
Version : 0.16.0-3+deb9u2
CVE ID : CVE-2019-15945 CVE-2019-15946 CVE-2019-19479 CVE-2020-26570
Debian Bug : 939668 939669 947383 972035 972036 972037
Several vulnerabilities were fixed in the OpenSC smart card utilities.
Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.