[SECURITY] [DLA 2832-1] opensc security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2832-1] opensc security update
From: Adrian Bunk <bunk@debian.org>
Date: Mon, 29 Nov 2021 11:13:39 +0200
Message-id: <[🔎] 20211129091339.GA1454@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2832-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
November 29, 2021                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : opensc
Version        : 0.16.0-3+deb9u2
CVE ID         : CVE-2019-15945 CVE-2019-15946 CVE-2019-19479 CVE-2020-26570 
                 CVE-2020-26571 CVE-2020-26572
Debian Bug     : 939668 939669 947383 972035 972036 972037

Several vulnerabilities were fixed in the OpenSC smart card utilities.

CVE-2019-15945

    Out-of-bounds access of an ASN.1 Bitstring.

CVE-2019-15946

    Out-of-bounds access of an ASN.1 Octet string.

CVE-2019-19479

    Incorrect read operation in the Setec driver.

CVE-2020-26570

    Heap-based buffer overflow in the Oberthur driver.

CVE-2020-26571

    Stack-based buffer overflow in the GPK driver.

CVE-2020-26572

    Stack-based buffer overflow in the TCOS driver.

For Debian 9 stretch, these problems have been fixed in version
0.16.0-3+deb9u2.

We recommend that you upgrade your opensc packages.

For the detailed security status of opensc please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/opensc

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmGkmcMACgkQiNJCh6LY
mLGB8A/+PHkvaXLUjC9VshwFhM6BrR02OO7S46zbFQvtgN+mr+G0XfdPTQW+7m78
SJhe4khp33ldT8ldfrsqh3adwR5nVH6W2QXS3c9HgmV8BU+Mu2Er8g/tH9Y35gf9
NoaUNWL7PMOgxZvqGG8HJbJ2xLddPaDV0GMPDj7I/wBx68HUP7jxWlRKZxU8v5VB
geu2CP44fq9veV2sucubxpkASyIogAUeXPaAucdnwklh5qdXZdYqq7+o97OqChFe
x633ud2UNc/pRjLMPaFpODZU2wr5CYbM5b6HSqrLU34VuBUfVagt/ZtTr2FU1LHE
z/3aoVZ3qKVVknrrnNRjkJRbm+dRnZDjWBpBVrOUtbXo5WrUS9ajvV1zhKVYv1sA
3d3TT+69MFjmeu0BtpgWx0e8StPKnNStipQQ40ACSb6EgglenMxhpCw0qnJlyMaP
xRTrgEOvRLywqpjAzz+o1l8ULjaSJ5ZsGemVk0l88ZaKZbyQiOwz0sxb86ZcYA/a
DenustQzfRXWJWnxZFkPXYc6KR4v83OEZ0/jXEd7Y2EYLmThL2NJB5/qTVCG45LF
xS9zyc7/aLWchM5yhaNQqzV+jLA/5tWhxUQL+gZfhwJE+Gm7Lc4Uy2zshPjvEPPK
XY3alj2C7134Q8CCxNxo+1Fx9941v3t2y7RntHoCQpKYtzUhzQg=
=AJ5L
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2831-1] libntlm security update
Next by Date: [SECURITY] [DLA 2833-1] rsync security update
Previous by thread: [SECURITY] [DLA 2831-1] libntlm security update
Next by thread: [SECURITY] [DLA 2833-1] rsync security update
Index(es):
- Date
- Thread