opensc-0.23.0-2.el9
エラータID: AXSA:2023-6859:01
リリース日:
2023/12/11 Monday - 09:03
題名:
opensc-0.23.0-2.el9
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Low
Description:
以下項目について対処しました。
[Security Fix]
- OpenSC の pkcs15 機能の cardos_have_verifyrc_package() 関数
には、ヒープ領域の範囲外読み取りの問題があるため、ローカル
の攻撃者により、細工された ASN1 コンテキストを含むスマート
カードを介して、情報の漏洩、およびサービス拒否攻撃 (クラッシュ
の発生) を可能とする脆弱性が存在します。(CVE-2023-2977)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-2977
A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where remaining length is wrongly caculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is possible.
A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where remaining length is wrongly caculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is possible.
追加情報:
N/A
ダウンロード:
SRPMS
- opensc-0.23.0-2.el9.src.rpm
MD5: 1b07a45e40e1bce542b840b8826290ae
SHA-256: 60134cd7e84089d22d861d5261d0e2bc011df54aaaa7327dc599550083e4adb6
Size: 2.30 MB
Asianux Server 9 for x86_64
- opensc-0.23.0-2.el9.i686.rpm
MD5: 6cac3fee957b92ed7c70ab343199e8ee
SHA-256: f9a514ea56449b38b27c27b9ed5543d24ce990fdbf3a6471774387f6db159a55
Size: 1.26 MB - opensc-0.23.0-2.el9.x86_64.rpm
MD5: bf09cacf3aaa52c5853d4912685c254c
SHA-256: 25fd53e058e61e0b484e9b21d159d6c509d7dccf2ce88fa962f276b158b86eaa
Size: 1.26 MB
English