opensc-0.20.0-6.el8
Errata ID: AXSA:2023-7249:02
Release date:
2023/12/25 Monday - 11:39
Subject:
opensc-0.20.0-6.el8
Affected channels:
Asianux Server 8 for x86_64
Severity:
Low
Description:
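The following issues have been addressed.
[Security Fix]
- The cardos_have_verifyrc_package() function in the pkcs15
functionality of OpenSC has a heap out-of-bounds read issue, which
allows a local attacker to cause information disclosure and a
denial of service (crash) via a smart card containing a crafted
ASN1 context. (CVE-2023-2977)
Solution:
Update the packages.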
CVE:
CVE-2023-2977
A vulnerability was found in OpenSC. This security flaw causes a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where the remaining length is wrongly calculated due to a moved starting pointer. This leads to a possible heap-based buffer OOB read. In cases where ASAN is enabled while compiling, this causes a crash. Further info leak or more damage is possible.
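The length error described above, reduced to a small C example that is added here and is not OpenSC's code: a two-tag scan in which the second search either reuses the original length after the start pointer has moved, or recomputes what is really left. The one-byte TLV format, the tag values and the sample bytes are constructed for illustration; the bytes past the logical end stand in for adjacent heap data and sit in the same array so the demonstration stays well defined.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TAG_A 0xA0            /* constructed tag values, not OpenSC's */
#define TAG_B 0x01
#define CARD_LEN 6            /* logical length of the card response */

/* Constructed sample: 6 response bytes, then bytes standing in for adjacent heap data. */
static const uint8_t backing[12] = { 0xA0, 0x02, 0x11, 0x22, 0x30, 0x00,
                                     0x01, 0x02, 0xDE, 0xAD, 0x00, 0x00 };
static const uint8_t good_card[6] = { 0xA0, 0x01, 0x11, 0x01, 0x01, 0x22 };

/* Find a one-byte tag in a run of short-form TLVs; never reads past buf + len. */
static const uint8_t *find_tag(const uint8_t *buf, size_t len, uint8_t tag, size_t *vlen)
{
    size_t i = 0;
    while (len - i >= 2) {                 /* need a tag byte and a length byte */
        size_t l = buf[i + 1];
        if (l > len - i - 2)
            return NULL;                   /* value would run past the end */
        if (buf[i] == tag) {
            *vlen = l;
            return buf + i + 2;
        }
        i += 2 + l;
    }
    return NULL;
}

/* Look for TAG_A, then for TAG_B in what follows it. fixed == 0 keeps the stale length. */
static int has_both_tags(const uint8_t *buf, size_t len, int fixed)
{
    size_t vlen = 0;
    const uint8_t *p = find_tag(buf, len, TAG_A, &vlen);
    if (p == NULL)
        return 0;
    p += vlen;                             /* the start pointer has moved */
    size_t remaining = fixed ? len - (size_t)(p - buf)  /* bytes really left */
                             : len;                     /* bug: still counted from buf */
    return find_tag(p, remaining, TAG_B, &vlen) != NULL;
}

int main(void)
{
    printf("stale length:      TAG_B found = %d\n", has_both_tags(backing, CARD_LEN, 0));
    printf("recomputed length: TAG_B found = %d\n", has_both_tags(backing, CARD_LEN, 1));
    return 0;
}
```

With the stale length the scan "finds" TAG_B at offset 6, outside the 6-byte response; with the recomputed length the same input is rejected.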
Additional information:
N/A
Download:
SRPMS
- opensc-0.20.0-6.el8.src.rpm
MD5: 7f3029fd0bd6ddf0cb39f015a74c844d
SHA-256: 6bc3e38ddc7d5a754b5cafb5c1a821f7719094cddff87ef77abbf38dabf45a09
Size: 2.13 MB
Asianux Server 8 for x86_64
- opensc-0.20.0-6.el8.i686.rpm
MD5: ba0e51607a2c89132037db2c1a0ea0ec
SHA-256: 723f739025cf2cee1bbda0cbf0979ea0314f34b6602f53f419e6d6aea8747c45
Size: 1.28 MB
- opensc-0.20.0-6.el8.x86_64.rpm
MD5: 86c277c751dc3f94d9ca2410bcdd014c
SHA-256: ae4f7d57d0d369e59524de3d05df1d4e44b1472a049ff56865a8e809c1a3ffd9
Size: 1.27 MB