opensc-0.20.0-6.el8

エラータID: AXSA:2023-7249:02

Release date: 
Monday, December 25, 2023 - 11:39
Subject: 
opensc-0.20.0-6.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Low
Description: 

OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures.

Security Fix(es):

* opensc: buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package (CVE-2023-2977)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-2977
A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where remaining length is wrongly caculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is possible.

Solution: 

Update packages.

CVEs: 
CVE-2023-2977
A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where remaining length is wrongly caculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is possible.
Additional Info: 

N/A

Download: 

SRPMS
  1. opensc-0.20.0-6.el8.src.rpm
    MD5: 7f3029fd0bd6ddf0cb39f015a74c844d
    SHA-256: 6bc3e38ddc7d5a754b5cafb5c1a821f7719094cddff87ef77abbf38dabf45a09
    Size: 2.13 MB

Asianux Server 8 for x86_64
  1. opensc-0.20.0-6.el8.i686.rpm
    MD5: ba0e51607a2c89132037db2c1a0ea0ec
    SHA-256: 723f739025cf2cee1bbda0cbf0979ea0314f34b6602f53f419e6d6aea8747c45
    Size: 1.28 MB
  2. opensc-0.20.0-6.el8.x86_64.rpm
    MD5: 86c277c751dc3f94d9ca2410bcdd014c
    SHA-256: ae4f7d57d0d369e59524de3d05df1d4e44b1472a049ff56865a8e809c1a3ffd9
    Size: 1.27 MB