-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2832-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk November 29, 2021 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : opensc Version : 0.16.0-3+deb9u2 CVE ID : CVE-2019-15945 CVE-2019-15946 CVE-2019-19479 CVE-2020-26570 CVE-2020-26571 CVE-2020-26572 Debian Bug : 939668 939669 947383 972035 972036 972037 Several vulnerabilities were fixed in the OpenSC smart card utilities. CVE-2019-15945 Out-of-bounds access of an ASN.1 Bitstring. CVE-2019-15946 Out-of-bounds access of an ASN.1 Octet string. CVE-2019-19479 Incorrect read operation in the Setec driver. CVE-2020-26570 Heap-based buffer overflow in the Oberthur driver. CVE-2020-26571 Stack-based buffer overflow in the GPK driver. CVE-2020-26572 Stack-based buffer overflow in the TCOS driver. For Debian 9 stretch, these problems have been fixed in version 0.16.0-3+deb9u2. We recommend that you upgrade your opensc packages. For the detailed security status of opensc please refer to its security tracker page at: https://security-tracker.debian.org/tracker/opensc Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmGkmcMACgkQiNJCh6LY mLGB8A/+PHkvaXLUjC9VshwFhM6BrR02OO7S46zbFQvtgN+mr+G0XfdPTQW+7m78 SJhe4khp33ldT8ldfrsqh3adwR5nVH6W2QXS3c9HgmV8BU+Mu2Er8g/tH9Y35gf9 NoaUNWL7PMOgxZvqGG8HJbJ2xLddPaDV0GMPDj7I/wBx68HUP7jxWlRKZxU8v5VB geu2CP44fq9veV2sucubxpkASyIogAUeXPaAucdnwklh5qdXZdYqq7+o97OqChFe x633ud2UNc/pRjLMPaFpODZU2wr5CYbM5b6HSqrLU34VuBUfVagt/ZtTr2FU1LHE z/3aoVZ3qKVVknrrnNRjkJRbm+dRnZDjWBpBVrOUtbXo5WrUS9ajvV1zhKVYv1sA 3d3TT+69MFjmeu0BtpgWx0e8StPKnNStipQQ40ACSb6EgglenMxhpCw0qnJlyMaP xRTrgEOvRLywqpjAzz+o1l8ULjaSJ5ZsGemVk0l88ZaKZbyQiOwz0sxb86ZcYA/a DenustQzfRXWJWnxZFkPXYc6KR4v83OEZ0/jXEd7Y2EYLmThL2NJB5/qTVCG45LF xS9zyc7/aLWchM5yhaNQqzV+jLA/5tWhxUQL+gZfhwJE+Gm7Lc4Uy2zshPjvEPPK XY3alj2C7134Q8CCxNxo+1Fx9941v3t2y7RntHoCQpKYtzUhzQg= =AJ5L -----END PGP SIGNATURE-----