SUSE-SU-2024:3443-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:3443-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2024:3443-1
- Related
- Published
- 2024-09-25T16:11:01Z
- Modified
- 2024-09-25T16:11:01Z
- Summary
- Security update for opensc
- Details
-
This update for opensc fixes the following issues:
- CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init. (bsc#1230076)
- CVE-2024-45619: Incorrect handling length of buffers or files in libopensc. (bsc#1230075)
- CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init. (bsc#1230074)
- CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc. (bsc#1230073)
- CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc. (bsc#1230072)
- CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init. (bsc#1230071)
- CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key. (bsc#1230364)
- References
-
- https://www.suse.com/support/update/announcement/2024/suse-su-20243443-1/
- https://bugzilla.suse.com/1217722
- https://bugzilla.suse.com/1230071
- https://bugzilla.suse.com/1230072
- https://bugzilla.suse.com/1230073
- https://bugzilla.suse.com/1230074
- https://bugzilla.suse.com/1230075
- https://bugzilla.suse.com/1230076
- https://bugzilla.suse.com/1230364
- https://www.suse.com/security/cve/CVE-2024-45615
- https://www.suse.com/security/cve/CVE-2024-45616
- https://www.suse.com/security/cve/CVE-2024-45617
- https://www.suse.com/security/cve/CVE-2024-45618
- https://www.suse.com/security/cve/CVE-2024-45619
- https://www.suse.com/security/cve/CVE-2024-45620
- https://www.suse.com/security/cve/CVE-2024-8443
Affected packages
SUSE:Linux Enterprise Server 12 SP5 / opensc
Package
- Name
- opensc
- Purl
- purl:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5