opensc-0.22.0-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11613-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z opensc-0.22.0-2.1 on GA media These are all security issues fixed in the opensc-0.22.0-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11613 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2021-42779/ SUSE CVE CVE-2021-42779 page https://www.suse.com/security/cve/CVE-2021-42780/ SUSE CVE CVE-2021-42780 page https://www.suse.com/security/cve/CVE-2021-42781/ SUSE CVE CVE-2021-42781 page https://www.suse.com/security/cve/CVE-2021-42782/ SUSE CVE CVE-2021-42782 page openSUSE Tumbleweed opensc-0.22.0-2.1 opensc-32bit-0.22.0-1.1 opensc-0.22.0-2.1 as a component of openSUSE Tumbleweed opensc-32bit-0.22.0-1.1 as a component of openSUSE Tumbleweed A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid. CVE-2021-42779 openSUSE Tumbleweed:opensc-0.22.0-2.1 openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-42779.html CVE-2021-42779 https://bugzilla.suse.com/1191992 SUSE Bug 1191992 A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library. CVE-2021-42780 openSUSE Tumbleweed:opensc-0.22.0-2.1 openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1 low 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-42780.html CVE-2021-42780 https://bugzilla.suse.com/1192005 SUSE Bug 1192005 https://bugzilla.suse.com/1196716 SUSE Bug 1196716 Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library. CVE-2021-42781 openSUSE Tumbleweed:opensc-0.22.0-2.1 openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-42781.html CVE-2021-42781 https://bugzilla.suse.com/1192000 SUSE Bug 1192000 https://bugzilla.suse.com/1192635 SUSE Bug 1192635 Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library. CVE-2021-42782 openSUSE Tumbleweed:opensc-0.22.0-2.1 openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-42782.html CVE-2021-42782 https://bugzilla.suse.com/1191957 SUSE Bug 1191957 https://bugzilla.suse.com/1192635 SUSE Bug 1192635 https://bugzilla.suse.com/1192643 SUSE Bug 1192643 https://bugzilla.suse.com/1192786 SUSE Bug 1192786 https://bugzilla.suse.com/1193388 SUSE Bug 1193388