opensc-0.20.0-4.el8, opensc-0.20.0-4.el8

エラータID: AXSA:2021-1949:01

Release date: 
Monday, June 14, 2021 - 04:51
Subject: 
opensc-0.20.0-4.el8, opensc-0.20.0-4.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures.

Security Fix(es):

* opensc: heap-based buffer overflow in sc_oberthur_read_file (CVE-2020-26570)
* opensc: stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init (CVE-2020-26571)
* opensc: stack-based buffer overflow in tcos_decipher (CVE-2020-26572)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-26570
The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file.
CVE-2020-26571
The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.
CVE-2020-26572
The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. opensc-0.20.0-4.el8.src.rpm
    MD5: 5d48b33643db45f2d3d49a7ff70d9aea
    SHA-256: 3c6321707714e86be3ea550f52dcaecbd2d0d76877f644bd9af3017ac2554a28
    Size: 2.11 MB

Asianux Server 8 for x86_64
  1. opensc-0.20.0-4.el8.x86_64.rpm
    MD5: 265a8123a2a982aee92bc7cc0833705c
    SHA-256: 6c085ae5895557d2e8a9fb46871c713fab52e49567622422733c9fd92c45c69f
    Size: 1.27 MB
  2. opensc-0.20.0-4.el8.i686.rpm
    MD5: d7b5eca547bee602794ffc9f8168820d
    SHA-256: fb9926e3529b3fd4ce14fb1e45b798939e149f467d040ef9b288c111b5726cf8
    Size: 1.28 MB