opensc-0.20.0-2.el8
Errata ID: AXSA:2021-1113:01
Release date:
2021/01/07 Thursday - 06:22
Title:
opensc-0.20.0-2.el8
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
The following issues have been addressed.
[Security Fix]
- decode_bit_string() in libopensc/asn1.c in OpenSC has an out-of-bounds
access vulnerability when handling ASN.1 bit strings. (CVE-2019-15945)
- asn1_decode_entry() in libopensc/asn1.c in OpenSC has an out-of-bounds
access vulnerability when handling ASN.1 octet strings. (CVE-2019-15946)
- libopensc/card-setcos.c in OpenSC performs an incorrect read operation
while parsing SETCOS file attributes. (CVE-2019-19479)
- libopensc/card-cac1.c in OpenSC mishandles buffer limits for
CAC certificates. (CVE-2019-19481)
- libopensc/card-coolkey.c in OpenSC lacks a uniqueness check, which leads
to a double free in coolkey_free_private_data().
(CVE-2019-20792)
Solution:
Update the packages.
CVE:
CVE-2019-15945
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c.
CVE-2019-15946
OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c.
CVE-2019-19479
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute.
CVE-2019-19481
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates.
CVE-2019-20792
OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check.
Additional information:
N/A
Download:
SRPMS
- opensc-0.20.0-2.el8.src.rpm
MD5: 26786a95a04171486997bc387255e053
SHA-256: 0c0f55a17967fe141fda2e246a8c2165b5a11d4bd6e655b1e95603a19eb745f8
Size: 2.10 MB
Asianux Server 8 for x86_64
- opensc-0.20.0-2.el8.x86_64.rpm
MD5: 513c8c41a81f73e12b65909d5d068df0
SHA-256: 3f2648862db6057e259a20654b315c8c0b200b109fca777946c81066e9181893
Size: 1.27 MB
- opensc-0.20.0-2.el8.i686.rpm
MD5: 42db4fbbafa94633cd0f71faa95c7d77
SHA-256: 2450a913d335996d0610c10f440f6161f51652c84486ba52fa1b21323b14e046
Size: 1.28 MB