Security update for opensc SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:3716-1 Final 1 1 2018-11-09T20:11:10Z current 2018-11-09T20:11:10Z 2018-11-09T20:11:10Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for opensc This update for opensc fixes the following security issues: - CVE-2018-16391: Fixed a denial of service when handling responses from a Muscle Card (bsc#1106998) - CVE-2018-16392: Fixed a denial of service when handling responses from a TCOS Card (bsc#1106999) - CVE-2018-16393: Fixed buffer overflows when handling responses from Gemsafe V1 Smartcards (bsc#1108318) - CVE-2018-16418: Fixed buffer overflow when handling string concatenation in util_acl_to_str (bsc#1107039) - CVE-2018-16419: Fixed several buffer overflows when handling responses from a Cryptoflex card (bsc#1107107) - CVE-2018-16420: Fixed buffer overflows when handling responses from an ePass 2003 Card (bsc#1107097) - CVE-2018-16421: Fixed buffer overflows when handling responses from a CAC Card (bsc#1107049) - CVE-2018-16422: Fixed single byte buffer overflow when handling responses from an esteid Card (bsc#1107038) - CVE-2018-16423: Fixed double free when handling responses from a smartcard (bsc#1107037) - CVE-2018-16424: Fixed double free when handling responses in read_file (bsc#1107036) - CVE-2018-16425: Fixed double free when handling responses from an HSM Card (bsc#1107035) - CVE-2018-16426: Fixed endless recursion when handling responses from an IAS-ECC card (bsc#1107034) - CVE-2018-16427: Fixed out of bounds reads when handling responses in OpenSC (bsc#1107033) This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00016.html E-Mail link for openSUSE-SU-2018:3716-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 15.0 opensc-0.18.0-lp150.2.9.1 opensc-32bit-0.18.0-lp150.2.9.1 opensc-0.18.0-lp150.2.9.1 as a component of openSUSE Leap 15.0 opensc-32bit-0.18.0-lp150.2.9.1 as a component of openSUSE Leap 15.0 Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. CVE-2018-16391 openSUSE Leap 15.0:opensc-0.18.0-lp150.2.9.1 openSUSE Leap 15.0:opensc-32bit-0.18.0-lp150.2.9.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00016.html https://www.suse.com/security/cve/CVE-2018-16391.html CVE-2018-16391 https://bugzilla.suse.com/1106998 SUSE Bug 1106998 Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. CVE-2018-16392 openSUSE Leap 15.0:opensc-0.18.0-lp150.2.9.1 openSUSE Leap 15.0:opensc-32bit-0.18.0-lp150.2.9.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00016.html https://www.suse.com/security/cve/CVE-2018-16392.html CVE-2018-16392 https://bugzilla.suse.com/1106999 SUSE Bug 1106999 Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. CVE-2018-16393 openSUSE Leap 15.0:opensc-0.18.0-lp150.2.9.1 openSUSE Leap 15.0:opensc-32bit-0.18.0-lp150.2.9.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00016.html https://www.suse.com/security/cve/CVE-2018-16393.html CVE-2018-16393 https://bugzilla.suse.com/1108318 SUSE Bug 1108318 A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. CVE-2018-16418 openSUSE Leap 15.0:opensc-0.18.0-lp150.2.9.1 openSUSE Leap 15.0:opensc-32bit-0.18.0-lp150.2.9.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00016.html https://www.suse.com/security/cve/CVE-2018-16418.html CVE-2018-16418 https://bugzilla.suse.com/1107039 SUSE Bug 1107039 Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. CVE-2018-16419 openSUSE Leap 15.0:opensc-0.18.0-lp150.2.9.1 openSUSE Leap 15.0:opensc-32bit-0.18.0-lp150.2.9.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00016.html https://www.suse.com/security/cve/CVE-2018-16419.html CVE-2018-16419 https://bugzilla.suse.com/1107107 SUSE Bug 1107107 Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. CVE-2018-16420 openSUSE Leap 15.0:opensc-0.18.0-lp150.2.9.1 openSUSE Leap 15.0:opensc-32bit-0.18.0-lp150.2.9.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00016.html https://www.suse.com/security/cve/CVE-2018-16420.html CVE-2018-16420 https://bugzilla.suse.com/1107097 SUSE Bug 1107097 Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. CVE-2018-16421 openSUSE Leap 15.0:opensc-0.18.0-lp150.2.9.1 openSUSE Leap 15.0:opensc-32bit-0.18.0-lp150.2.9.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00016.html https://www.suse.com/security/cve/CVE-2018-16421.html CVE-2018-16421 https://bugzilla.suse.com/1107049 SUSE Bug 1107049 A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. CVE-2018-16422 openSUSE Leap 15.0:opensc-0.18.0-lp150.2.9.1 openSUSE Leap 15.0:opensc-32bit-0.18.0-lp150.2.9.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00016.html https://www.suse.com/security/cve/CVE-2018-16422.html CVE-2018-16422 https://bugzilla.suse.com/1107038 SUSE Bug 1107038 A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. CVE-2018-16423 openSUSE Leap 15.0:opensc-0.18.0-lp150.2.9.1 openSUSE Leap 15.0:opensc-32bit-0.18.0-lp150.2.9.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00016.html https://www.suse.com/security/cve/CVE-2018-16423.html CVE-2018-16423 https://bugzilla.suse.com/1107037 SUSE Bug 1107037 A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. CVE-2018-16424 openSUSE Leap 15.0:opensc-0.18.0-lp150.2.9.1 openSUSE Leap 15.0:opensc-32bit-0.18.0-lp150.2.9.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00016.html https://www.suse.com/security/cve/CVE-2018-16424.html CVE-2018-16424 https://bugzilla.suse.com/1107036 SUSE Bug 1107036 A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. CVE-2018-16425 openSUSE Leap 15.0:opensc-0.18.0-lp150.2.9.1 openSUSE Leap 15.0:opensc-32bit-0.18.0-lp150.2.9.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00016.html https://www.suse.com/security/cve/CVE-2018-16425.html CVE-2018-16425 https://bugzilla.suse.com/1107035 SUSE Bug 1107035 Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs. CVE-2018-16426 openSUSE Leap 15.0:opensc-0.18.0-lp150.2.9.1 openSUSE Leap 15.0:opensc-32bit-0.18.0-lp150.2.9.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00016.html https://www.suse.com/security/cve/CVE-2018-16426.html CVE-2018-16426 https://bugzilla.suse.com/1107034 SUSE Bug 1107034 Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs. CVE-2018-16427 openSUSE Leap 15.0:opensc-0.18.0-lp150.2.9.1 openSUSE Leap 15.0:opensc-32bit-0.18.0-lp150.2.9.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-11/msg00016.html https://www.suse.com/security/cve/CVE-2018-16427.html CVE-2018-16427 https://bugzilla.suse.com/1107033 SUSE Bug 1107033