 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.10.2020.0026 |
| Category: | Mageia Linux Local Security Checks |
| Title: | Mageia: Security Advisory (MGASA-2020-0026) |
| Summary: | The remote host is missing an update for the 'opensc' package(s) announced via the MGASA-2020-0026 advisory. |
| Description: | Summary: The remote host is missing an update for the 'opensc' package(s) announced via the MGASA-2020-0026 advisory. Vulnerability Insight: Updated opensc packages fix security vulnerabilities: sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv (CVE-2019-6502). OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c (CVE-2019-15945). OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c (CVE-2019-15946). An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute (CVE-2019-19479). An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry (CVE-2019-19480). An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates (CVE-2019-19481). The opensc package has been updated to version 0.20.0, which has fixes for these issues and other improvements. Affected Software/OS: 'opensc' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-15945 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDSQLMZZYBHO5X3BK7D6E7E6NZIMZDI5/ https://github.com/OpenSC/OpenSC/commit/412a6142c27a5973c61ba540e33cdc22d5608e68 https://github.com/OpenSC/OpenSC/compare/f1691fc...12218d4 https://lists.debian.org/debian-lts-announce/2019/09/msg00009.html https://lists.debian.org/debian-lts-announce/2021/11/msg00027.html http://www.openwall.com/lists/oss-security/2019/12/29/1 Common Vulnerability Exposure (CVE) ID: CVE-2019-15946 https://github.com/OpenSC/OpenSC/commit/a3fc7693f3a035a8a7921cffb98432944bb42740 Common Vulnerability Exposure (CVE) ID: CVE-2019-19479 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18693 https://github.com/OpenSC/OpenSC/commit/c3f23b836e5a1766c36617fe1da30d22f7b63de2 https://lists.debian.org/debian-lts-announce/2019/12/msg00031.html Common Vulnerability Exposure (CVE) ID: CVE-2019-19480 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18478 https://github.com/OpenSC/OpenSC/commit/6ce6152284c47ba9b1d4fe8ff9d2e6a3f5ee02c7 Common Vulnerability Exposure (CVE) ID: CVE-2019-19481 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18618 https://github.com/OpenSC/OpenSC/commit/b75c002cfb1fd61cd20ec938ff4937d7b1a94278 Common Vulnerability Exposure (CVE) ID: CVE-2019-6502 https://github.com/OpenSC/OpenSC/issues/1586 https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html |
| Copyright | Copyright (C) 2022 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |