Vulnerability Database
Blog
FAQ
Docs
SUSE-SU-2018:3622-1
See a problem?
Please try reporting it
to the source
first.
Source
https://www.suse.com/support/update/announcement/2018/suse-su-20183622-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:3622-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2018:3622-1
Related
CVE-2018-16391
CVE-2018-16392
CVE-2018-16393
CVE-2018-16418
CVE-2018-16419
CVE-2018-16420
CVE-2018-16422
CVE-2018-16423
CVE-2018-16426
CVE-2018-16427
Published
2018-11-05T16:58:25Z
Modified
2018-11-05T16:58:25Z
Summary
Security update for opensc
Details
This update for opensc fixes the following issues:
CVE-2018-16391: Fixed a denial of service when handling responses from a Muscle Card (bsc#1106998)
CVE-2018-16392: Fixed a denial of service when handling responses from a TCOS Card (bsc#1106999)
CVE-2018-16393: Fixed buffer overflows when handling responses from Gemsafe V1 Smartcards (bsc#1108318)
CVE-2018-16418: Fixed buffer overflow when handling string concatenation in util
acl
to_str (bsc#1107039)
CVE-2018-16419: Fixed several buffer overflows when handling responses from a Cryptoflex card (bsc#1107107)
CVE-2018-16420: Fixed buffer overflows when handling responses from an ePass 2003 Card (bsc#1107097)
CVE-2018-16422: Fixed single byte buffer overflow when handling responses from an esteid Card (bsc#1107038)
CVE-2018-16423: Fixed double free when handling responses from a smartcard (bsc#1107037)
CVE-2018-16426: Fixed endless recursion when handling responses from an IAS-ECC card (bsc#1107034)
CVE-2018-16427: Fixed out of bounds reads when handling responses in OpenSC (bsc#1107033)
References
https://www.suse.com/support/update/announcement/2018/suse-su-20183622-1/
https://bugzilla.suse.com/1104812
https://bugzilla.suse.com/1106998
https://bugzilla.suse.com/1106999
https://bugzilla.suse.com/1107033
https://bugzilla.suse.com/1107034
https://bugzilla.suse.com/1107037
https://bugzilla.suse.com/1107038
https://bugzilla.suse.com/1107039
https://bugzilla.suse.com/1107097
https://bugzilla.suse.com/1107107
https://bugzilla.suse.com/1108318
https://www.suse.com/security/cve/CVE-2018-16391
https://www.suse.com/security/cve/CVE-2018-16392
https://www.suse.com/security/cve/CVE-2018-16393
https://www.suse.com/security/cve/CVE-2018-16418
https://www.suse.com/security/cve/CVE-2018-16419
https://www.suse.com/security/cve/CVE-2018-16420
https://www.suse.com/security/cve/CVE-2018-16422
https://www.suse.com/security/cve/CVE-2018-16423
https://www.suse.com/security/cve/CVE-2018-16426
https://www.suse.com/security/cve/CVE-2018-16427
Affected packages
SUSE:Linux Enterprise Desktop 12 SP3
/
opensc
Package
Name
opensc
Purl
pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0.13.0-3.3.2
Ecosystem specific
{ "binaries": [ { "opensc": "0.13.0-3.3.2" } ] }
SUSE:Linux Enterprise Server 12 SP3
/
opensc
Package
Name
opensc
Purl
pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0.13.0-3.3.2
Ecosystem specific
{ "binaries": [ { "opensc": "0.13.0-3.3.2" } ] }
SUSE:Linux Enterprise Server for SAP Applications 12 SP3
/
opensc
Package
Name
opensc
Purl
pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0.13.0-3.3.2
Ecosystem specific
{ "binaries": [ { "opensc": "0.13.0-3.3.2" } ] }
SUSE-SU-2018:3622-1 - OSV