SUSE-SU-2022:1041-1 -- SLES openscID: oval:org.secpod.oval:def:89046187 | Date: (C)2022-04-04 (M)2023-12-26 |
Class: PATCH | Family: unix |
This update for opensc fixes the following issues: Security issues fixed: - CVE-2021-42780: Fixed use after return in insert_pin . - CVE-2021-42779: Fixed use after free in sc_file_valid . - CVE-2021-42781: Fixed multiple heap buffer overflows in pkcs15-oberthur.c . - CVE-2021-42782: Stack buffer overflow issues in various places . - CVE-2019-6502: Fixed a memory leak in sc_context_create . - CVE-2020-26570: Fixed a heap based buffer overflow in sc_oberthur_read_file . - CVE-2020-26572: Prevent out of bounds write - CVE-2020-26571: gemsafe GPK smart card software driver stack-based buffer overflow - CVE-2019-15946: out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry - CVE-2019-19479: incorrect read operation during parsing of a SETCOS file attribute - CVE-2019-15945: Fixed an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string . - CVE-2019-19481: Fixed an improper handling of buffer limits for CAC certificates . - CVE-2019-20792: Fixed a double free in coolkey_free_private_data . Non-security issues fixed: - Fixes segmentation fault in "pkcs11-tool.c"
Platform: |
SUSE Linux Enterprise Server 15 |