FS#65082 - [opensc] CVE-2019-15945 CVE-2019-15946 CVE-2019-19481 CVE-2019-6502 CVE-2019-19480 CVE-2019-19479

Attached to Project: Community Packages
Opened by Pascal Ernster (hardfalcon) - Wednesday, 08 January 2020, 11:25 GMT
Last edited by Christian Rebischke (Shibumi) - Tuesday, 03 March 2020, 00:35 GMT
Task Type: Bug Report
Category: Security
Status: Closed
Assigned To: Levente Polyak (anthraxx), Alad Wenter (Alad)
Architecture: All
Severity: Critical
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 1
Private: No

Details

Upstream has released opensc 0.20.0, which fixes (among other things) a bunch of memory corruption CVEs:

https://github.com/OpenSC/OpenSC/releases/tag/0.20.0

CVE-2019-6502 "sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv."
CVE-2019-15945 "OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c."
CVE-2019-15946 "OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c."
CVE-2019-19479 "An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute."
CVE-2019-19480 "An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry."
CVE-2019-19481 "An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates."

CVSS 3.0 ratings:
CVE-2019-15945 9.8 "critical"
CVE-2019-15946 9.8 "critical"
CVE-2019-19481 7.8 "high"
CVE-2019-6502 7.5 "high"
CVE-2019-19480 7.5 "high"
CVE-2019-19479 5.5 "medium"

Closed by Christian Rebischke (Shibumi)
Tuesday, 03 March 2020, 00:35 GMT
Reason for closing: Fixed
Additional comments about closing: opensc-0.20.0-1

Comment by Pascal Ernster (hardfalcon) - Wednesday, 08 January 2020, 11:29 GMT
Sorry, forgot to complete the bug title - should have been "[opensc] 0.19.0-2: CVE-2019-15945, CVE-2019-15946, CVE-2019-19481, CVE-2019-6502, CVE-2019-19480, CVE-2019-19479".

Comment by Santiago Torres (sangy) - Thursday, 06 February 2020, 19:18 GMT
FWIW, when there are too many CVEs we just put "Multiple vulnerabilities" in the title (so don't worry :))
