Low: opensc security and bug fix update

2023-11-1400:00:00

errata.almalinux.org

opensc

smart cards

cryptographic operations

authentication

mail encryption

digital signatures

cve-2023-2977

almalinux

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

AI Score

7.2

Confidence

Low

EPSS

Percentile

14.8%

JSON

The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures.

Security Fix(es):

opensc: buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package (CVE-2023-2977)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
almalinux8i686opensc< 0.20.0-6.el8opensc-0.20.0-6.el8.i686.rpm
almalinux8x86_64opensc< 0.20.0-6.el8opensc-0.20.0-6.el8.x86_64.rpm
almalinux8aarch64opensc< 0.20.0-6.el8opensc-0.20.0-6.el8.aarch64.rpm
almalinux8ppc64leopensc< 0.20.0-6.el8opensc-0.20.0-6.el8.ppc64le.rpm
almalinux8s390xopensc< 0.20.0-6.el8opensc-0.20.0-6.el8.s390x.rpm

OS	Version	Architecture	Package	Version	Filename
almalinux	8	i686	opensc	< 0.20.0-6.el8	opensc-0.20.0-6.el8.i686.rpm
almalinux	8	x86_64	opensc	< 0.20.0-6.el8	opensc-0.20.0-6.el8.x86_64.rpm
almalinux	8	aarch64	opensc	< 0.20.0-6.el8	opensc-0.20.0-6.el8.aarch64.rpm
almalinux	8	ppc64le	opensc	< 0.20.0-6.el8	opensc-0.20.0-6.el8.ppc64le.rpm
almalinux	8	s390x	opensc	< 0.20.0-6.el8	opensc-0.20.0-6.el8.s390x.rpm