An update for opensc is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2022-1664
Final
1.0
1.0
2022-05-20
Initial
2022-05-20
2022-05-20
openEuler SA Tool V1.0
2022-05-20
opensc security update
An update for opensc is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS.
OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures. OpenSC implements the standard APIs to smart cards, e.g. PKCS#11 API, Windows’ Smart Card Minidriver and macOS Tokend.
Security Fix(es):
A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.(CVE-2021-42778)
A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.(CVE-2021-42780)
Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library.(CVE-2021-42782)
An update for opensc is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS.
openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
Medium
opensc
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1664
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-42778
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-42780
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-42782
https://nvd.nist.gov/vuln/detail/CVE-2021-42778
https://nvd.nist.gov/vuln/detail/CVE-2021-42780
https://nvd.nist.gov/vuln/detail/CVE-2021-42782
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
opensc-0.20.0-10.oe1.aarch64.rpm
opensc-debuginfo-0.20.0-10.oe1.aarch64.rpm
opensc-debugsource-0.20.0-10.oe1.aarch64.rpm
opensc-0.20.0-10.oe1.aarch64.rpm
opensc-debuginfo-0.20.0-10.oe1.aarch64.rpm
opensc-debugsource-0.20.0-10.oe1.aarch64.rpm
opensc-0.21.0-6.oe2203.aarch64.rpm
opensc-debuginfo-0.21.0-6.oe2203.aarch64.rpm
opensc-debugsource-0.21.0-6.oe2203.aarch64.rpm
opensc-help-0.20.0-10.oe1.noarch.rpm
opensc-help-0.20.0-10.oe1.noarch.rpm
opensc-help-0.21.0-6.oe2203.noarch.rpm
opensc-0.20.0-10.oe1.src.rpm
opensc-0.20.0-10.oe1.src.rpm
opensc-0.21.0-6.oe2203.src.rpm
opensc-0.20.0-10.oe1.x86_64.rpm
opensc-debuginfo-0.20.0-10.oe1.x86_64.rpm
opensc-debugsource-0.20.0-10.oe1.x86_64.rpm
opensc-0.20.0-10.oe1.x86_64.rpm
opensc-debuginfo-0.20.0-10.oe1.x86_64.rpm
opensc-debugsource-0.20.0-10.oe1.x86_64.rpm
opensc-0.21.0-6.oe2203.x86_64.rpm
opensc-debuginfo-0.21.0-6.oe2203.x86_64.rpm
opensc-debugsource-0.21.0-6.oe2203.x86_64.rpm
A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.
2022-05-20
CVE-2021-42778
openEuler-22.03-LTS
Medium
5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
opensc security update
2022-05-20
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1664
A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.
2022-05-20
CVE-2021-42780
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
Medium
5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
opensc security update
2022-05-20
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1664
Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library.
2022-05-20
CVE-2021-42782
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
Medium
5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
opensc security update
2022-05-20
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1664