opensc-0.23.0-2.el9

Errata ID: AXSA:2023-6859:01

Release date: 
Monday, December 11, 2023 - 09:03
Subject: 
opensc-0.23.0-2.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Low
Description: 

The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures.

Security Fix(es):

* opensc: buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package (CVE-2023-2977)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-2977
A vulnerability was found in OpenSC. This security flaw causes a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where the remaining length is wrongly calculated due to a moved starting pointer. This leads to a possible heap-based buffer out-of-bounds (OOB) read. In cases where ASAN is enabled while compiling, this causes a crash. Further info leak or more damage is possible.
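
The bug class described above, shown as an added illustration that is not OpenSC's code and not part of the original advisory: a two-tag scan whose second search reuses the original length after the start pointer has moved, next to the corrected remaining-length calculation. The one-byte TLV layout and the names find_tag, scan_two_tags and arena are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified TLV search: 1-byte tag, 1-byte length (real ASN.1 is richer).
 * Returns a pointer to the value, or NULL if the tag is not in buf[0..len). */
static const unsigned char *find_tag(const unsigned char *buf, size_t len,
                                     unsigned char tag, size_t *vlen)
{
    size_t i = 0;
    while (len - i >= 2) {
        size_t l = buf[i + 1];
        if (l > len - i - 2)
            return NULL;              /* value would run past the window */
        if (buf[i] == tag) {
            *vlen = l;
            return buf + i + 2;
        }
        i += 2 + l;
    }
    return NULL;
}

/* Returns 1 if tag2 follows tag1. fixed == 0 reuses the original length for
 * the second search (the bug class); fixed != 0 subtracts the bytes consumed. */
int scan_two_tags(const unsigned char *buf, size_t len,
                  unsigned char tag1, unsigned char tag2, int fixed)
{
    size_t vlen = 0;
    const unsigned char *p = find_tag(buf, len, tag1, &vlen);
    if (p == NULL)
        return 0;
    p += vlen;                        /* starting pointer has moved */
    size_t remaining = fixed ? len - (size_t)(p - buf) : len;
    return find_tag(p, remaining, tag2, &vlen) != NULL;
}

/* Constructed sample: the card data is the first 6 bytes; the rest stands in
 * for adjacent heap memory (kept in one array so the demo has no UB). */
static const unsigned char arena[12] = {
    0x01, 0x02, 0xAA, 0xBB,  0x03, 0x00,   /* logical buffer, len = 6 */
    0x02, 0x01, 0xCC,  0x00, 0x00, 0x00    /* outside the buffer */
};

int main(void)
{
    printf("stale length: %d\n", scan_two_tags(arena, 6, 0x01, 0x02, 0));
    printf("fixed length: %d\n", scan_two_tags(arena, 6, 0x01, 0x02, 1));
    return 0;
}
```

With the stale length, the second search matches a tag that lies past the 6-byte buffer; with the corrected length, it stops at the buffer's end.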

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. opensc-0.23.0-2.el9.src.rpm
    MD5: 1b07a45e40e1bce542b840b8826290ae
    SHA-256: 60134cd7e84089d22d861d5261d0e2bc011df54aaaa7327dc599550083e4adb6
    Size: 2.30 MB

Asianux Server 9 for x86_64
  1. opensc-0.23.0-2.el9.i686.rpm
    MD5: 6cac3fee957b92ed7c70ab343199e8ee
    SHA-256: f9a514ea56449b38b27c27b9ed5543d24ce990fdbf3a6471774387f6db159a55
    Size: 1.26 MB
  2. opensc-0.23.0-2.el9.x86_64.rpm
    MD5: bf09cacf3aaa52c5853d4912685c254c
    SHA-256: 25fd53e058e61e0b484e9b21d159d6c509d7dccf2ce88fa962f276b158b86eaa
    Size: 1.26 MB