{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for opensc","title":"Title of the patch"},{"category":"description","text":"This update for opensc fixes the following issues:\n\n- CVE-2018-16391: Fixed a denial of service when handling responses from a Muscle Card (bsc#1106998)\n- CVE-2018-16392: Fixed a denial of service when handling responses from a TCOS Card (bsc#1106999)\n- CVE-2018-16393: Fixed buffer overflows when handling responses from Gemsafe V1 Smartcards (bsc#1108318)\n- CVE-2018-16418: Fixed buffer overflow when handling string concatenation in util_acl_to_str (bsc#1107039)\n- CVE-2018-16419: Fixed several buffer overflows when handling responses from a Cryptoflex card (bsc#1107107)\n- CVE-2018-16420: Fixed buffer overflows when handling responses from an ePass 2003 Card (bsc#1107097)\n- CVE-2018-16422: Fixed single byte buffer overflow when handling responses from an esteid Card (bsc#1107038)\n- CVE-2018-16423: Fixed double free when handling responses from a smartcard (bsc#1107037)\n- CVE-2018-16426: Fixed endless recursion when handling responses from an IAS-ECC card (bsc#1107034)\n- CVE-2018-16427: Fixed out of bounds reads when handling responses in OpenSC (bsc#1107033)\n\n","title":"Description of the patch"},{"category":"details","text":"SUSE-SLE-DESKTOP-12-SP4-2018-2582,SUSE-SLE-SERVER-12-SP4-2018-2582","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3622-2.json"},{"category":"self","summary":"URL for SUSE-SU-2018:3622-2","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20183622-2/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2018:3622-2","url":"https://lists.suse.com/pipermail/sle-security-updates/2018-December/004943.html"},{"category":"self","summary":"SUSE Bug 1104812","url":"https://bugzilla.suse.com/1104812"},{"category":"self","summary":"SUSE Bug 1106998","url":"https://bugzilla.suse.com/1106998"},{"category":"self","summary":"SUSE Bug 1106999","url":"https://bugzilla.suse.com/1106999"},{"category":"self","summary":"SUSE Bug 1107033","url":"https://bugzilla.suse.com/1107033"},{"category":"self","summary":"SUSE Bug 1107034","url":"https://bugzilla.suse.com/1107034"},{"category":"self","summary":"SUSE Bug 1107037","url":"https://bugzilla.suse.com/1107037"},{"category":"self","summary":"SUSE Bug 1107038","url":"https://bugzilla.suse.com/1107038"},{"category":"self","summary":"SUSE Bug 1107039","url":"https://bugzilla.suse.com/1107039"},{"category":"self","summary":"SUSE Bug 1107097","url":"https://bugzilla.suse.com/1107097"},{"category":"self","summary":"SUSE Bug 1107107","url":"https://bugzilla.suse.com/1107107"},{"category":"self","summary":"SUSE Bug 1108318","url":"https://bugzilla.suse.com/1108318"},{"category":"self","summary":"SUSE CVE CVE-2018-16391 page","url":"https://www.suse.com/security/cve/CVE-2018-16391/"},{"category":"self","summary":"SUSE CVE CVE-2018-16392 page","url":"https://www.suse.com/security/cve/CVE-2018-16392/"},{"category":"self","summary":"SUSE CVE CVE-2018-16393 page","url":"https://www.suse.com/security/cve/CVE-2018-16393/"},{"category":"self","summary":"SUSE CVE CVE-2018-16418 page","url":"https://www.suse.com/security/cve/CVE-2018-16418/"},{"category":"self","summary":"SUSE CVE CVE-2018-16419 page","url":"https://www.suse.com/security/cve/CVE-2018-16419/"},{"category":"self","summary":"SUSE CVE CVE-2018-16420 page","url":"https://www.suse.com/security/cve/CVE-2018-16420/"},{"category":"self","summary":"SUSE CVE CVE-2018-16422 page","url":"https://www.suse.com/security/cve/CVE-2018-16422/"},{"category":"self","summary":"SUSE CVE CVE-2018-16423 page","url":"https://www.suse.com/security/cve/CVE-2018-16423/"},{"category":"self","summary":"SUSE CVE CVE-2018-16426 page","url":"https://www.suse.com/security/cve/CVE-2018-16426/"},{"category":"self","summary":"SUSE CVE CVE-2018-16427 page","url":"https://www.suse.com/security/cve/CVE-2018-16427/"}],"title":"Security update for opensc","tracking":{"current_release_date":"2018-12-10T13:08:40Z","generator":{"date":"2018-12-10T13:08:40Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2018:3622-2","initial_release_date":"2018-12-10T13:08:40Z","revision_history":[{"date":"2018-12-10T13:08:40Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"opensc-0.13.0-3.3.2.aarch64","product":{"name":"opensc-0.13.0-3.3.2.aarch64","product_id":"opensc-0.13.0-3.3.2.aarch64"}}],"category":"architecture","name":"aarch64"},{"branches":[{"category":"product_version","name":"opensc-0.13.0-3.3.2.ppc64le","product":{"name":"opensc-0.13.0-3.3.2.ppc64le","product_id":"opensc-0.13.0-3.3.2.ppc64le"}}],"category":"architecture","name":"ppc64le"},{"branches":[{"category":"product_version","name":"opensc-0.13.0-3.3.2.s390x","product":{"name":"opensc-0.13.0-3.3.2.s390x","product_id":"opensc-0.13.0-3.3.2.s390x"}}],"category":"architecture","name":"s390x"},{"branches":[{"category":"product_version","name":"opensc-0.13.0-3.3.2.x86_64","product":{"name":"opensc-0.13.0-3.3.2.x86_64","product_id":"opensc-0.13.0-3.3.2.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Desktop 12 SP4","product":{"name":"SUSE Linux Enterprise Desktop 12 SP4","product_id":"SUSE Linux Enterprise Desktop 12 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sled:12:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP4","product":{"name":"SUSE Linux Enterprise Server 12 SP4","product_id":"SUSE Linux Enterprise Server 12 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sles:12:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 12 SP4","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 12 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:12:sp4"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"opensc-0.13.0-3.3.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4","product_id":"SUSE Linux Enterprise Desktop 12 SP4:opensc-0.13.0-3.3.2.x86_64"},"product_reference":"opensc-0.13.0-3.3.2.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Desktop 12 SP4"},{"category":"default_component_of","full_product_name":{"name":"opensc-0.13.0-3.3.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP4","product_id":"SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.aarch64"},"product_reference":"opensc-0.13.0-3.3.2.aarch64","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP4"},{"category":"default_component_of","full_product_name":{"name":"opensc-0.13.0-3.3.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP4","product_id":"SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.ppc64le"},"product_reference":"opensc-0.13.0-3.3.2.ppc64le","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP4"},{"category":"default_component_of","full_product_name":{"name":"opensc-0.13.0-3.3.2.s390x as component of SUSE Linux Enterprise Server 12 SP4","product_id":"SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.s390x"},"product_reference":"opensc-0.13.0-3.3.2.s390x","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP4"},{"category":"default_component_of","full_product_name":{"name":"opensc-0.13.0-3.3.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4","product_id":"SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.x86_64"},"product_reference":"opensc-0.13.0-3.3.2.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP4"},{"category":"default_component_of","full_product_name":{"name":"opensc-0.13.0-3.3.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.aarch64"},"product_reference":"opensc-0.13.0-3.3.2.aarch64","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP4"},{"category":"default_component_of","full_product_name":{"name":"opensc-0.13.0-3.3.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.ppc64le"},"product_reference":"opensc-0.13.0-3.3.2.ppc64le","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP4"},{"category":"default_component_of","full_product_name":{"name":"opensc-0.13.0-3.3.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.s390x"},"product_reference":"opensc-0.13.0-3.3.2.s390x","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP4"},{"category":"default_component_of","full_product_name":{"name":"opensc-0.13.0-3.3.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.x86_64"},"product_reference":"opensc-0.13.0-3.3.2.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 12 SP4"}]},"vulnerabilities":[{"cve":"CVE-2018-16391","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-16391"}],"notes":[{"category":"general","text":"Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-16391","url":"https://www.suse.com/security/cve/CVE-2018-16391"},{"category":"external","summary":"SUSE Bug 1106998 for CVE-2018-16391","url":"https://bugzilla.suse.com/1106998"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.6,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.x86_64"]}],"threats":[{"category":"impact","date":"2018-12-10T13:08:40Z","details":"moderate"}],"title":"CVE-2018-16391"},{"cve":"CVE-2018-16392","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-16392"}],"notes":[{"category":"general","text":"Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-16392","url":"https://www.suse.com/security/cve/CVE-2018-16392"},{"category":"external","summary":"SUSE Bug 1106999 for CVE-2018-16392","url":"https://bugzilla.suse.com/1106999"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.6,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.x86_64"]}],"threats":[{"category":"impact","date":"2018-12-10T13:08:40Z","details":"moderate"}],"title":"CVE-2018-16392"},{"cve":"CVE-2018-16393","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-16393"}],"notes":[{"category":"general","text":"Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-16393","url":"https://www.suse.com/security/cve/CVE-2018-16393"},{"category":"external","summary":"SUSE Bug 1108318 for CVE-2018-16393","url":"https://bugzilla.suse.com/1108318"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.x86_64"]}],"threats":[{"category":"impact","date":"2018-12-10T13:08:40Z","details":"moderate"}],"title":"CVE-2018-16393"},{"cve":"CVE-2018-16418","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-16418"}],"notes":[{"category":"general","text":"A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-16418","url":"https://www.suse.com/security/cve/CVE-2018-16418"},{"category":"external","summary":"SUSE Bug 1107039 for CVE-2018-16418","url":"https://bugzilla.suse.com/1107039"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.6,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.x86_64"]}],"threats":[{"category":"impact","date":"2018-12-10T13:08:40Z","details":"moderate"}],"title":"CVE-2018-16418"},{"cve":"CVE-2018-16419","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-16419"}],"notes":[{"category":"general","text":"Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-16419","url":"https://www.suse.com/security/cve/CVE-2018-16419"},{"category":"external","summary":"SUSE Bug 1107107 for CVE-2018-16419","url":"https://bugzilla.suse.com/1107107"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.x86_64"]}],"threats":[{"category":"impact","date":"2018-12-10T13:08:40Z","details":"moderate"}],"title":"CVE-2018-16419"},{"cve":"CVE-2018-16420","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-16420"}],"notes":[{"category":"general","text":"Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-16420","url":"https://www.suse.com/security/cve/CVE-2018-16420"},{"category":"external","summary":"SUSE Bug 1107097 for CVE-2018-16420","url":"https://bugzilla.suse.com/1107097"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.x86_64"]}],"threats":[{"category":"impact","date":"2018-12-10T13:08:40Z","details":"moderate"}],"title":"CVE-2018-16420"},{"cve":"CVE-2018-16422","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-16422"}],"notes":[{"category":"general","text":"A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-16422","url":"https://www.suse.com/security/cve/CVE-2018-16422"},{"category":"external","summary":"SUSE Bug 1107038 for CVE-2018-16422","url":"https://bugzilla.suse.com/1107038"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.6,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.x86_64"]}],"threats":[{"category":"impact","date":"2018-12-10T13:08:40Z","details":"moderate"}],"title":"CVE-2018-16422"},{"cve":"CVE-2018-16423","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-16423"}],"notes":[{"category":"general","text":"A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-16423","url":"https://www.suse.com/security/cve/CVE-2018-16423"},{"category":"external","summary":"SUSE Bug 1107037 for CVE-2018-16423","url":"https://bugzilla.suse.com/1107037"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.6,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.x86_64"]}],"threats":[{"category":"impact","date":"2018-12-10T13:08:40Z","details":"moderate"}],"title":"CVE-2018-16423"},{"cve":"CVE-2018-16426","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-16426"}],"notes":[{"category":"general","text":"Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-16426","url":"https://www.suse.com/security/cve/CVE-2018-16426"},{"category":"external","summary":"SUSE Bug 1107034 for CVE-2018-16426","url":"https://bugzilla.suse.com/1107034"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.6,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.x86_64"]}],"threats":[{"category":"impact","date":"2018-12-10T13:08:40Z","details":"moderate"}],"title":"CVE-2018-16426"},{"cve":"CVE-2018-16427","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-16427"}],"notes":[{"category":"general","text":"Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Desktop 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-16427","url":"https://www.suse.com/security/cve/CVE-2018-16427"},{"category":"external","summary":"SUSE Bug 1107033 for CVE-2018-16427","url":"https://bugzilla.suse.com/1107033"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.6,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Desktop 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server 12 SP4:opensc-0.13.0-3.3.2.x86_64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.aarch64","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.ppc64le","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.s390x","SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.3.2.x86_64"]}],"threats":[{"category":"impact","date":"2018-12-10T13:08:40Z","details":"moderate"}],"title":"CVE-2018-16427"}]}