opensc security and bug fix update

2023-11-1700:00:00

linux.oracle.com

bug fix

security update

opensc

unix

cve-2023-2977

reader removal

buffer overrun

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

AI Score

7.1

Confidence

High

EPSS

Percentile

14.8%

JSON

[0.20.0-6]

Fix introduced issues tagged by coverity (RHEL-765)
[0.20.0-5]
Avoid potential crash because of missing list terminator (#2196234)
Fix CVE-2023-2977: potential buffer overrun in pkcs15 cardos_have_verifyrc_package (#2211093)
Backport upstream changes regarding to reader removal (#2097048)

OSVersionArchitecturePackageVersionFilename
oracle linux8srcopensc< 0.20.0-6.el8opensc-0.20.0-6.el8.src.rpm
oracle linux8srcopensc< 0.20.0-6.el8opensc-0.20.0-6.el8.src.rpm
oracle linux8aarch64opensc< 0.20.0-6.el8opensc-0.20.0-6.el8.aarch64.rpm
oracle linux8aarch64opensc< 0.20.0-6.el8opensc-0.20.0-6.el8.aarch64.rpm
oracle linux8srcopensc< 0.20.0-6.el8opensc-0.20.0-6.el8.src.rpm
oracle linux8srcopensc< 0.20.0-6.el8opensc-0.20.0-6.el8.src.rpm
oracle linux8i686opensc< 0.20.0-6.el8opensc-0.20.0-6.el8.i686.rpm
oracle linux8i686opensc< 0.20.0-6.el8opensc-0.20.0-6.el8.i686.rpm
oracle linux8x86_64opensc< 0.20.0-6.el8opensc-0.20.0-6.el8.x86_64.rpm
oracle linux8x86_64opensc< 0.20.0-6.el8opensc-0.20.0-6.el8.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
oracle linux	8	src	opensc	< 0.20.0-6.el8	opensc-0.20.0-6.el8.src.rpm
oracle linux	8	src	opensc	< 0.20.0-6.el8	opensc-0.20.0-6.el8.src.rpm
oracle linux	8	aarch64	opensc	< 0.20.0-6.el8	opensc-0.20.0-6.el8.aarch64.rpm
oracle linux	8	aarch64	opensc	< 0.20.0-6.el8	opensc-0.20.0-6.el8.aarch64.rpm
oracle linux	8	src	opensc	< 0.20.0-6.el8	opensc-0.20.0-6.el8.src.rpm
oracle linux	8	src	opensc	< 0.20.0-6.el8	opensc-0.20.0-6.el8.src.rpm
oracle linux	8	i686	opensc	< 0.20.0-6.el8	opensc-0.20.0-6.el8.i686.rpm
oracle linux	8	i686	opensc	< 0.20.0-6.el8	opensc-0.20.0-6.el8.i686.rpm
oracle linux	8	x86_64	opensc	< 0.20.0-6.el8	opensc-0.20.0-6.el8.x86_64.rpm
oracle linux	8	x86_64	opensc	< 0.20.0-6.el8	opensc-0.20.0-6.el8.x86_64.rpm