[SECURITY] [DLA 2832-1] opensc security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2832-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Adrian Bunk
November 29, 2021 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : opensc
Version : 0.16.0-3+deb9u2
CVE ID : CVE-2019-15945 CVE-2019-15946 CVE-2019-19479 CVE-2020-26570
CVE-2020-26571 CVE-2020-26572
Debian Bug : 939668 939669 947383 972035 972036 972037
Several vulnerabilities were fixed in the OpenSC smart card utilities.
CVE-2019-15945
Out-of-bounds access of an ASN.1 Bitstring.
CVE-2019-15946
Out-of-bounds access of an ASN.1 Octet string.
CVE-2019-19479
Incorrect read operation in the Setec driver.
CVE-2020-26570
Heap-based buffer overflow in the Oberthur driver.
CVE-2020-26571
Stack-based buffer overflow in the GPK driver.
CVE-2020-26572
Stack-based buffer overflow in the TCOS driver.
For Debian 9 stretch, these problems have been fixed in version
0.16.0-3+deb9u2.
We recommend that you upgrade your opensc packages.
For the detailed security status of opensc please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/opensc
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmGkmcMACgkQiNJCh6LY
mLGB8A/+PHkvaXLUjC9VshwFhM6BrR02OO7S46zbFQvtgN+mr+G0XfdPTQW+7m78
SJhe4khp33ldT8ldfrsqh3adwR5nVH6W2QXS3c9HgmV8BU+Mu2Er8g/tH9Y35gf9
NoaUNWL7PMOgxZvqGG8HJbJ2xLddPaDV0GMPDj7I/wBx68HUP7jxWlRKZxU8v5VB
geu2CP44fq9veV2sucubxpkASyIogAUeXPaAucdnwklh5qdXZdYqq7+o97OqChFe
x633ud2UNc/pRjLMPaFpODZU2wr5CYbM5b6HSqrLU34VuBUfVagt/ZtTr2FU1LHE
z/3aoVZ3qKVVknrrnNRjkJRbm+dRnZDjWBpBVrOUtbXo5WrUS9ajvV1zhKVYv1sA
3d3TT+69MFjmeu0BtpgWx0e8StPKnNStipQQ40ACSb6EgglenMxhpCw0qnJlyMaP
xRTrgEOvRLywqpjAzz+o1l8ULjaSJ5ZsGemVk0l88ZaKZbyQiOwz0sxb86ZcYA/a
DenustQzfRXWJWnxZFkPXYc6KR4v83OEZ0/jXEd7Y2EYLmThL2NJB5/qTVCG45LF
xS9zyc7/aLWchM5yhaNQqzV+jLA/5tWhxUQL+gZfhwJE+Gm7Lc4Uy2zshPjvEPPK
XY3alj2C7134Q8CCxNxo+1Fx9941v3t2y7RntHoCQpKYtzUhzQg=
=AJ5L
-----END PGP SIGNATURE-----
Reply to: