Debian Security Advisory
DLA-2832-1 opensc -- LTS security update
- Date Reported:
- 29 Nov 2021
- Affected Packages:
- opensc
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 939668, Bug 939669, Bug 947383, Bug 972035, Bug 972036, Bug 972037.
In Mitre's CVE dictionary: CVE-2019-15945, CVE-2019-15946, CVE-2019-19479, CVE-2020-26570, CVE-2020-26571, CVE-2020-26572. - More information:
-
Several vulnerabilities were fixed in the OpenSC smart card utilities.
- CVE-2019-15945
Out-of-bounds access of an ASN.1 Bitstring.
- CVE-2019-15946
Out-of-bounds access of an ASN.1 Octet string.
- CVE-2019-19479
Incorrect read operation in the Setec driver.
- CVE-2020-26570
Heap-based buffer overflow in the Oberthur driver.
- CVE-2020-26571
Stack-based buffer overflow in the GPK driver.
- CVE-2020-26572
Stack-based buffer overflow in the TCOS driver.
For Debian 9 stretch, these problems have been fixed in version 0.16.0-3+deb9u2.
We recommend that you upgrade your opensc packages.
For the detailed security status of opensc please refer to its security tracker page at: https://security-tracker.debian.org/tracker/opensc
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
- CVE-2019-15945