Security update for opensc
Announcement ID: | SUSE-SU-2024:3445-1 |
---|---|
Rating: | low |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves seven vulnerabilities and has one security fix can now be installed.
Description:
This update for opensc fixes the following issues:
- CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init. (bsc#1230076)
- CVE-2024-45619: Incorrect handling length of buffers or files in libopensc. (bsc#1230075)
- CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init. (bsc#1230074)
- CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc. (bsc#1230073)
- CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc. (bsc#1230072)
- CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init. (bsc#1230071)
- CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key. (bsc#1230364)
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
openSUSE Leap 15.4
zypper in -t patch SUSE-2024-3445=1
-
openSUSE Leap Micro 5.5
zypper in -t patch openSUSE-Leap-Micro-5.5-2024-3445=1
-
openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2024-3445=1
-
SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-3445=1
-
SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2024-3445=1
-
SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-3445=1
-
SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2024-3445=1
-
SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2024-3445=1
-
Basesystem Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2024-3445=1
Package List:
-
openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
- opensc-debuginfo-0.22.0-150400.3.12.1
- opensc-0.22.0-150400.3.12.1
- opensc-debugsource-0.22.0-150400.3.12.1
-
openSUSE Leap 15.4 (x86_64)
- opensc-32bit-0.22.0-150400.3.12.1
- opensc-32bit-debuginfo-0.22.0-150400.3.12.1
-
openSUSE Leap 15.4 (aarch64_ilp32)
- opensc-64bit-0.22.0-150400.3.12.1
- opensc-64bit-debuginfo-0.22.0-150400.3.12.1
-
openSUSE Leap Micro 5.5 (aarch64 s390x x86_64)
- opensc-debuginfo-0.22.0-150400.3.12.1
- opensc-0.22.0-150400.3.12.1
- opensc-debugsource-0.22.0-150400.3.12.1
-
openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
- opensc-debuginfo-0.22.0-150400.3.12.1
- opensc-0.22.0-150400.3.12.1
- opensc-debugsource-0.22.0-150400.3.12.1
-
openSUSE Leap 15.5 (x86_64)
- opensc-32bit-0.22.0-150400.3.12.1
- opensc-32bit-debuginfo-0.22.0-150400.3.12.1
-
SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
- opensc-debuginfo-0.22.0-150400.3.12.1
- opensc-0.22.0-150400.3.12.1
- opensc-debugsource-0.22.0-150400.3.12.1
-
SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
- opensc-debuginfo-0.22.0-150400.3.12.1
- opensc-0.22.0-150400.3.12.1
- opensc-debugsource-0.22.0-150400.3.12.1
-
SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
- opensc-debuginfo-0.22.0-150400.3.12.1
- opensc-0.22.0-150400.3.12.1
- opensc-debugsource-0.22.0-150400.3.12.1
-
SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
- opensc-debuginfo-0.22.0-150400.3.12.1
- opensc-0.22.0-150400.3.12.1
- opensc-debugsource-0.22.0-150400.3.12.1
-
SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
- opensc-debuginfo-0.22.0-150400.3.12.1
- opensc-0.22.0-150400.3.12.1
- opensc-debugsource-0.22.0-150400.3.12.1
-
Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64)
- opensc-debuginfo-0.22.0-150400.3.12.1
- opensc-0.22.0-150400.3.12.1
- opensc-debugsource-0.22.0-150400.3.12.1
References:
- https://www.suse.com/security/cve/CVE-2024-45615.html
- https://www.suse.com/security/cve/CVE-2024-45616.html
- https://www.suse.com/security/cve/CVE-2024-45617.html
- https://www.suse.com/security/cve/CVE-2024-45618.html
- https://www.suse.com/security/cve/CVE-2024-45619.html
- https://www.suse.com/security/cve/CVE-2024-45620.html
- https://www.suse.com/security/cve/CVE-2024-8443.html
- https://bugzilla.suse.com/show_bug.cgi?id=1217722
- https://bugzilla.suse.com/show_bug.cgi?id=1230071
- https://bugzilla.suse.com/show_bug.cgi?id=1230072
- https://bugzilla.suse.com/show_bug.cgi?id=1230073
- https://bugzilla.suse.com/show_bug.cgi?id=1230074
- https://bugzilla.suse.com/show_bug.cgi?id=1230075
- https://bugzilla.suse.com/show_bug.cgi?id=1230076
- https://bugzilla.suse.com/show_bug.cgi?id=1230364