opensc-0.16.0-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10269-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z opensc-0.16.0-2.1 on GA media These are all security issues fixed in the opensc-0.16.0-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10269 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2009-0368/ SUSE CVE CVE-2009-0368 page https://www.suse.com/security/cve/CVE-2010-4523/ SUSE CVE CVE-2010-4523 page openSUSE Tumbleweed opensc-0.16.0-2.1 opensc-32bit-0.16.0-2.1 opensc-0.16.0-2.1 as a component of openSUSE Tumbleweed opensc-32bit-0.16.0-2.1 as a component of openSUSE Tumbleweed OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program. CVE-2009-0368 openSUSE Tumbleweed:opensc-0.16.0-2.1 openSUSE Tumbleweed:opensc-32bit-0.16.0-2.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-0368.html CVE-2009-0368 https://bugzilla.suse.com/480262 SUSE Bug 480262 https://bugzilla.suse.com/548555 SUSE Bug 548555 Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 and earlier allow physically proximate attackers to execute arbitrary code via a long serial-number field on a smart card, related to (1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c. CVE-2010-4523 openSUSE Tumbleweed:opensc-0.16.0-2.1 openSUSE Tumbleweed:opensc-32bit-0.16.0-2.1 moderate 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-4523.html CVE-2010-4523 https://bugzilla.suse.com/660109 SUSE Bug 660109