Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-42780 (GCVE-0-2021-42780)
Vulnerability from cvelistv5
Published
2022-04-18 00:00
Modified
2024-08-04 03:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016139"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/OpenSC/OpenSC/commit/5df913b7"
},
{
"name": "GLSA-202209-03",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-03"
},
{
"name": "[debian-lts-announce] 20230621 [SECURITY] [DLA 3463-1] opensc security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "opensc",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "opensc 0.22.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-252",
"description": "CWE-252",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-21T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016139"
},
{
"url": "https://github.com/OpenSC/OpenSC/commit/5df913b7"
},
{
"name": "GLSA-202209-03",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202209-03"
},
{
"name": "[debian-lts-announce] 20230621 [SECURITY] [DLA 3463-1] opensc security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-42780",
"datePublished": "2022-04-18T00:00:00",
"dateReserved": "2021-10-21T00:00:00",
"dateUpdated": "2024-08-04T03:38:50.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2021-42780\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2022-04-18T17:15:16.243\",\"lastModified\":\"2024-11-21T06:28:09.707\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.\"},{\"lang\":\"es\",\"value\":\"Se ha encontrado un problema de tipo use after return En Opensc versiones anteriores a 0.22.0, en la funci\u00f3n insert_pin que podr\u00eda bloquear los programas que usan la biblioteca\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-252\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-252\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.22.0\",\"matchCriteriaId\":\"B75A7FDD-CA09-46EF-8FAC-11732898B84B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}]}]}],\"references\":[{\"url\":\"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2016139\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/OpenSC/OpenSC/commit/5df913b7\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.gentoo.org/glsa/202209-03\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2016139\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/OpenSC/OpenSC/commit/5df913b7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202209-03\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
gsd-2021-42780
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-42780",
"description": "A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.",
"id": "GSD-2021-42780",
"references": [
"https://www.suse.com/security/cve/CVE-2021-42780.html",
"https://advisories.mageia.org/CVE-2021-42780.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-42780"
],
"details": "A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.",
"id": "GSD-2021-42780",
"modified": "2023-12-13T01:23:06.308345Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-42780",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "opensc",
"version": {
"version_data": [
{
"version_value": "opensc 0.22.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-252"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2016139",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016139"
},
{
"name": "https://github.com/OpenSC/OpenSC/commit/5df913b7",
"refsource": "MISC",
"url": "https://github.com/OpenSC/OpenSC/commit/5df913b7"
},
{
"name": "GLSA-202209-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202209-03"
},
{
"name": "[debian-lts-announce] 20230621 [SECURITY] [DLA 3463-1] opensc security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "0.22.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-42780"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-252"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383"
},
{
"name": "https://github.com/OpenSC/OpenSC/commit/5df913b7",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/OpenSC/OpenSC/commit/5df913b7"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2016139",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016139"
},
{
"name": "GLSA-202209-03",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202209-03"
},
{
"name": "[debian-lts-announce] 20230621 [SECURITY] [DLA 3463-1] opensc security update",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
},
"lastModifiedDate": "2023-06-21T02:15Z",
"publishedDate": "2022-04-18T17:15Z"
}
}
}
opensuse-su-2024:11613-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
opensc-0.22.0-2.1 on GA media
Notes
Title of the patch
opensc-0.22.0-2.1 on GA media
Description of the patch
These are all security issues fixed in the opensc-0.22.0-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11613
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "opensc-0.22.0-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the opensc-0.22.0-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11613",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11613-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42779 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42780 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42780/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42781 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42781/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42782 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42782/"
}
],
"title": "opensc-0.22.0-2.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11613-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "opensc-0.22.0-2.1.aarch64",
"product": {
"name": "opensc-0.22.0-2.1.aarch64",
"product_id": "opensc-0.22.0-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "opensc-32bit-0.22.0-1.1.aarch64",
"product": {
"name": "opensc-32bit-0.22.0-1.1.aarch64",
"product_id": "opensc-32bit-0.22.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "opensc-0.22.0-2.1.ppc64le",
"product": {
"name": "opensc-0.22.0-2.1.ppc64le",
"product_id": "opensc-0.22.0-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "opensc-32bit-0.22.0-1.1.ppc64le",
"product": {
"name": "opensc-32bit-0.22.0-1.1.ppc64le",
"product_id": "opensc-32bit-0.22.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "opensc-0.22.0-2.1.s390x",
"product": {
"name": "opensc-0.22.0-2.1.s390x",
"product_id": "opensc-0.22.0-2.1.s390x"
}
},
{
"category": "product_version",
"name": "opensc-32bit-0.22.0-1.1.s390x",
"product": {
"name": "opensc-32bit-0.22.0-1.1.s390x",
"product_id": "opensc-32bit-0.22.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "opensc-0.22.0-2.1.x86_64",
"product": {
"name": "opensc-0.22.0-2.1.x86_64",
"product_id": "opensc-0.22.0-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "opensc-32bit-0.22.0-1.1.x86_64",
"product": {
"name": "opensc-32bit-0.22.0-1.1.x86_64",
"product_id": "opensc-32bit-0.22.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.22.0-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:opensc-0.22.0-2.1.aarch64"
},
"product_reference": "opensc-0.22.0-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.22.0-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:opensc-0.22.0-2.1.ppc64le"
},
"product_reference": "opensc-0.22.0-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.22.0-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:opensc-0.22.0-2.1.s390x"
},
"product_reference": "opensc-0.22.0-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.22.0-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:opensc-0.22.0-2.1.x86_64"
},
"product_reference": "opensc-0.22.0-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-32bit-0.22.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.aarch64"
},
"product_reference": "opensc-32bit-0.22.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-32bit-0.22.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.ppc64le"
},
"product_reference": "opensc-32bit-0.22.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-32bit-0.22.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.s390x"
},
"product_reference": "opensc-32bit-0.22.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-32bit-0.22.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.x86_64"
},
"product_reference": "opensc-32bit-0.22.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-42779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42779"
}
],
"notes": [
{
"category": "general",
"text": "A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:opensc-0.22.0-2.1.aarch64",
"openSUSE Tumbleweed:opensc-0.22.0-2.1.ppc64le",
"openSUSE Tumbleweed:opensc-0.22.0-2.1.s390x",
"openSUSE Tumbleweed:opensc-0.22.0-2.1.x86_64",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.s390x",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42779",
"url": "https://www.suse.com/security/cve/CVE-2021-42779"
},
{
"category": "external",
"summary": "SUSE Bug 1191992 for CVE-2021-42779",
"url": "https://bugzilla.suse.com/1191992"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:opensc-0.22.0-2.1.aarch64",
"openSUSE Tumbleweed:opensc-0.22.0-2.1.ppc64le",
"openSUSE Tumbleweed:opensc-0.22.0-2.1.s390x",
"openSUSE Tumbleweed:opensc-0.22.0-2.1.x86_64",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.s390x",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:opensc-0.22.0-2.1.aarch64",
"openSUSE Tumbleweed:opensc-0.22.0-2.1.ppc64le",
"openSUSE Tumbleweed:opensc-0.22.0-2.1.s390x",
"openSUSE Tumbleweed:opensc-0.22.0-2.1.x86_64",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.s390x",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-42779"
},
{
"cve": "CVE-2021-42780",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42780"
}
],
"notes": [
{
"category": "general",
"text": "A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:opensc-0.22.0-2.1.aarch64",
"openSUSE Tumbleweed:opensc-0.22.0-2.1.ppc64le",
"openSUSE Tumbleweed:opensc-0.22.0-2.1.s390x",
"openSUSE Tumbleweed:opensc-0.22.0-2.1.x86_64",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.s390x",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42780",
"url": "https://www.suse.com/security/cve/CVE-2021-42780"
},
{
"category": "external",
"summary": "SUSE Bug 1192005 for CVE-2021-42780",
"url": "https://bugzilla.suse.com/1192005"
},
{
"category": "external",
"summary": "SUSE Bug 1196716 for CVE-2021-42780",
"url": "https://bugzilla.suse.com/1196716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:opensc-0.22.0-2.1.aarch64",
"openSUSE Tumbleweed:opensc-0.22.0-2.1.ppc64le",
"openSUSE Tumbleweed:opensc-0.22.0-2.1.s390x",
"openSUSE Tumbleweed:opensc-0.22.0-2.1.x86_64",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.s390x",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:opensc-0.22.0-2.1.aarch64",
"openSUSE Tumbleweed:opensc-0.22.0-2.1.ppc64le",
"openSUSE Tumbleweed:opensc-0.22.0-2.1.s390x",
"openSUSE Tumbleweed:opensc-0.22.0-2.1.x86_64",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.s390x",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2021-42780"
},
{
"cve": "CVE-2021-42781",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42781"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:opensc-0.22.0-2.1.aarch64",
"openSUSE Tumbleweed:opensc-0.22.0-2.1.ppc64le",
"openSUSE Tumbleweed:opensc-0.22.0-2.1.s390x",
"openSUSE Tumbleweed:opensc-0.22.0-2.1.x86_64",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.s390x",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42781",
"url": "https://www.suse.com/security/cve/CVE-2021-42781"
},
{
"category": "external",
"summary": "SUSE Bug 1192000 for CVE-2021-42781",
"url": "https://bugzilla.suse.com/1192000"
},
{
"category": "external",
"summary": "SUSE Bug 1192635 for CVE-2021-42781",
"url": "https://bugzilla.suse.com/1192635"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:opensc-0.22.0-2.1.aarch64",
"openSUSE Tumbleweed:opensc-0.22.0-2.1.ppc64le",
"openSUSE Tumbleweed:opensc-0.22.0-2.1.s390x",
"openSUSE Tumbleweed:opensc-0.22.0-2.1.x86_64",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.s390x",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:opensc-0.22.0-2.1.aarch64",
"openSUSE Tumbleweed:opensc-0.22.0-2.1.ppc64le",
"openSUSE Tumbleweed:opensc-0.22.0-2.1.s390x",
"openSUSE Tumbleweed:opensc-0.22.0-2.1.x86_64",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.s390x",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-42781"
},
{
"cve": "CVE-2021-42782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42782"
}
],
"notes": [
{
"category": "general",
"text": "Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:opensc-0.22.0-2.1.aarch64",
"openSUSE Tumbleweed:opensc-0.22.0-2.1.ppc64le",
"openSUSE Tumbleweed:opensc-0.22.0-2.1.s390x",
"openSUSE Tumbleweed:opensc-0.22.0-2.1.x86_64",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.s390x",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42782",
"url": "https://www.suse.com/security/cve/CVE-2021-42782"
},
{
"category": "external",
"summary": "SUSE Bug 1191957 for CVE-2021-42782",
"url": "https://bugzilla.suse.com/1191957"
},
{
"category": "external",
"summary": "SUSE Bug 1192635 for CVE-2021-42782",
"url": "https://bugzilla.suse.com/1192635"
},
{
"category": "external",
"summary": "SUSE Bug 1192643 for CVE-2021-42782",
"url": "https://bugzilla.suse.com/1192643"
},
{
"category": "external",
"summary": "SUSE Bug 1192786 for CVE-2021-42782",
"url": "https://bugzilla.suse.com/1192786"
},
{
"category": "external",
"summary": "SUSE Bug 1193388 for CVE-2021-42782",
"url": "https://bugzilla.suse.com/1193388"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:opensc-0.22.0-2.1.aarch64",
"openSUSE Tumbleweed:opensc-0.22.0-2.1.ppc64le",
"openSUSE Tumbleweed:opensc-0.22.0-2.1.s390x",
"openSUSE Tumbleweed:opensc-0.22.0-2.1.x86_64",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.s390x",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:opensc-0.22.0-2.1.aarch64",
"openSUSE Tumbleweed:opensc-0.22.0-2.1.ppc64le",
"openSUSE Tumbleweed:opensc-0.22.0-2.1.s390x",
"openSUSE Tumbleweed:opensc-0.22.0-2.1.x86_64",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.aarch64",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.ppc64le",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.s390x",
"openSUSE Tumbleweed:opensc-32bit-0.22.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-42782"
}
]
}
suse-su-2021:14835-1
Vulnerability from csaf_suse
Published
2021-10-29 14:27
Modified
2021-10-29 14:27
Summary
Security update for opensc
Notes
Title of the patch
Security update for opensc
Description of the patch
This update for opensc fixes the following issues:
- CVE-2021-42780: Fixed use after return in insert_pin() (bsc#1192005).
- CVE-2021-42782: Stack buffer overflow issues in various places (bsc#1191957).
Patchnames
sleposp3-opensc-14835,slessp4-opensc-14835
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for opensc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for opensc fixes the following issues:\n\n- CVE-2021-42780: Fixed use after return in insert_pin() (bsc#1192005).\n- CVE-2021-42782: Stack buffer overflow issues in various places (bsc#1191957).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sleposp3-opensc-14835,slessp4-opensc-14835",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_14835-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:14835-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-202114835-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:14835-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-October/009681.html"
},
{
"category": "self",
"summary": "SUSE Bug 1191957",
"url": "https://bugzilla.suse.com/1191957"
},
{
"category": "self",
"summary": "SUSE Bug 1192005",
"url": "https://bugzilla.suse.com/1192005"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42780 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42780/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42782 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42782/"
}
],
"title": "Security update for opensc",
"tracking": {
"current_release_date": "2021-10-29T14:27:42Z",
"generator": {
"date": "2021-10-29T14:27:42Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:14835-1",
"initial_release_date": "2021-10-29T14:27:42Z",
"revision_history": [
{
"date": "2021-10-29T14:27:42Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopensc2-0.11.6-5.27.14.1.i586",
"product": {
"name": "libopensc2-0.11.6-5.27.14.1.i586",
"product_id": "libopensc2-0.11.6-5.27.14.1.i586"
}
},
{
"category": "product_version",
"name": "opensc-0.11.6-5.27.14.1.i586",
"product": {
"name": "opensc-0.11.6-5.27.14.1.i586",
"product_id": "opensc-0.11.6-5.27.14.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libopensc2-0.11.6-5.27.14.1.ppc64",
"product": {
"name": "libopensc2-0.11.6-5.27.14.1.ppc64",
"product_id": "libopensc2-0.11.6-5.27.14.1.ppc64"
}
},
{
"category": "product_version",
"name": "libopensc2-32bit-0.11.6-5.27.14.1.ppc64",
"product": {
"name": "libopensc2-32bit-0.11.6-5.27.14.1.ppc64",
"product_id": "libopensc2-32bit-0.11.6-5.27.14.1.ppc64"
}
},
{
"category": "product_version",
"name": "opensc-0.11.6-5.27.14.1.ppc64",
"product": {
"name": "opensc-0.11.6-5.27.14.1.ppc64",
"product_id": "opensc-0.11.6-5.27.14.1.ppc64"
}
},
{
"category": "product_version",
"name": "opensc-32bit-0.11.6-5.27.14.1.ppc64",
"product": {
"name": "opensc-32bit-0.11.6-5.27.14.1.ppc64",
"product_id": "opensc-32bit-0.11.6-5.27.14.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopensc2-0.11.6-5.27.14.1.s390x",
"product": {
"name": "libopensc2-0.11.6-5.27.14.1.s390x",
"product_id": "libopensc2-0.11.6-5.27.14.1.s390x"
}
},
{
"category": "product_version",
"name": "libopensc2-32bit-0.11.6-5.27.14.1.s390x",
"product": {
"name": "libopensc2-32bit-0.11.6-5.27.14.1.s390x",
"product_id": "libopensc2-32bit-0.11.6-5.27.14.1.s390x"
}
},
{
"category": "product_version",
"name": "opensc-0.11.6-5.27.14.1.s390x",
"product": {
"name": "opensc-0.11.6-5.27.14.1.s390x",
"product_id": "opensc-0.11.6-5.27.14.1.s390x"
}
},
{
"category": "product_version",
"name": "opensc-32bit-0.11.6-5.27.14.1.s390x",
"product": {
"name": "opensc-32bit-0.11.6-5.27.14.1.s390x",
"product_id": "opensc-32bit-0.11.6-5.27.14.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopensc2-0.11.6-5.27.14.1.x86_64",
"product": {
"name": "libopensc2-0.11.6-5.27.14.1.x86_64",
"product_id": "libopensc2-0.11.6-5.27.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopensc2-32bit-0.11.6-5.27.14.1.x86_64",
"product": {
"name": "libopensc2-32bit-0.11.6-5.27.14.1.x86_64",
"product_id": "libopensc2-32bit-0.11.6-5.27.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "opensc-0.11.6-5.27.14.1.x86_64",
"product": {
"name": "opensc-0.11.6-5.27.14.1.x86_64",
"product_id": "opensc-0.11.6-5.27.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "opensc-32bit-0.11.6-5.27.14.1.x86_64",
"product": {
"name": "opensc-32bit-0.11.6-5.27.14.1.x86_64",
"product_id": "opensc-32bit-0.11.6-5.27.14.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product": {
"name": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-pos:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopensc2-0.11.6-5.27.14.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:libopensc2-0.11.6-5.27.14.1.i586"
},
"product_reference": "libopensc2-0.11.6-5.27.14.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.11.6-5.27.14.1.i586 as component of SUSE Linux Enterprise Point of Sale 11 SP3",
"product_id": "SUSE Linux Enterprise Point of Sale 11 SP3:opensc-0.11.6-5.27.14.1.i586"
},
"product_reference": "opensc-0.11.6-5.27.14.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 11 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopensc2-0.11.6-5.27.14.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-0.11.6-5.27.14.1.i586"
},
"product_reference": "libopensc2-0.11.6-5.27.14.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopensc2-0.11.6-5.27.14.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-0.11.6-5.27.14.1.ppc64"
},
"product_reference": "libopensc2-0.11.6-5.27.14.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopensc2-0.11.6-5.27.14.1.s390x as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-0.11.6-5.27.14.1.s390x"
},
"product_reference": "libopensc2-0.11.6-5.27.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopensc2-0.11.6-5.27.14.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-0.11.6-5.27.14.1.x86_64"
},
"product_reference": "libopensc2-0.11.6-5.27.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopensc2-32bit-0.11.6-5.27.14.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-32bit-0.11.6-5.27.14.1.ppc64"
},
"product_reference": "libopensc2-32bit-0.11.6-5.27.14.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopensc2-32bit-0.11.6-5.27.14.1.s390x as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-32bit-0.11.6-5.27.14.1.s390x"
},
"product_reference": "libopensc2-32bit-0.11.6-5.27.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopensc2-32bit-0.11.6-5.27.14.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-32bit-0.11.6-5.27.14.1.x86_64"
},
"product_reference": "libopensc2-32bit-0.11.6-5.27.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.11.6-5.27.14.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-0.11.6-5.27.14.1.i586"
},
"product_reference": "opensc-0.11.6-5.27.14.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.11.6-5.27.14.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-0.11.6-5.27.14.1.ppc64"
},
"product_reference": "opensc-0.11.6-5.27.14.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.11.6-5.27.14.1.s390x as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-0.11.6-5.27.14.1.s390x"
},
"product_reference": "opensc-0.11.6-5.27.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.11.6-5.27.14.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-0.11.6-5.27.14.1.x86_64"
},
"product_reference": "opensc-0.11.6-5.27.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-32bit-0.11.6-5.27.14.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-32bit-0.11.6-5.27.14.1.ppc64"
},
"product_reference": "opensc-32bit-0.11.6-5.27.14.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-32bit-0.11.6-5.27.14.1.s390x as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-32bit-0.11.6-5.27.14.1.s390x"
},
"product_reference": "opensc-32bit-0.11.6-5.27.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-32bit-0.11.6-5.27.14.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-32bit-0.11.6-5.27.14.1.x86_64"
},
"product_reference": "opensc-32bit-0.11.6-5.27.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-42780",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42780"
}
],
"notes": [
{
"category": "general",
"text": "A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:libopensc2-0.11.6-5.27.14.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:opensc-0.11.6-5.27.14.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-0.11.6-5.27.14.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-0.11.6-5.27.14.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-0.11.6-5.27.14.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-0.11.6-5.27.14.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-32bit-0.11.6-5.27.14.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-32bit-0.11.6-5.27.14.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-32bit-0.11.6-5.27.14.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-0.11.6-5.27.14.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-0.11.6-5.27.14.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-0.11.6-5.27.14.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-0.11.6-5.27.14.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-32bit-0.11.6-5.27.14.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-32bit-0.11.6-5.27.14.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-32bit-0.11.6-5.27.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42780",
"url": "https://www.suse.com/security/cve/CVE-2021-42780"
},
{
"category": "external",
"summary": "SUSE Bug 1192005 for CVE-2021-42780",
"url": "https://bugzilla.suse.com/1192005"
},
{
"category": "external",
"summary": "SUSE Bug 1196716 for CVE-2021-42780",
"url": "https://bugzilla.suse.com/1196716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:libopensc2-0.11.6-5.27.14.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:opensc-0.11.6-5.27.14.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-0.11.6-5.27.14.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-0.11.6-5.27.14.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-0.11.6-5.27.14.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-0.11.6-5.27.14.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-32bit-0.11.6-5.27.14.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-32bit-0.11.6-5.27.14.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-32bit-0.11.6-5.27.14.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-0.11.6-5.27.14.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-0.11.6-5.27.14.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-0.11.6-5.27.14.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-0.11.6-5.27.14.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-32bit-0.11.6-5.27.14.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-32bit-0.11.6-5.27.14.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-32bit-0.11.6-5.27.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:libopensc2-0.11.6-5.27.14.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:opensc-0.11.6-5.27.14.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-0.11.6-5.27.14.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-0.11.6-5.27.14.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-0.11.6-5.27.14.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-0.11.6-5.27.14.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-32bit-0.11.6-5.27.14.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-32bit-0.11.6-5.27.14.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-32bit-0.11.6-5.27.14.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-0.11.6-5.27.14.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-0.11.6-5.27.14.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-0.11.6-5.27.14.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-0.11.6-5.27.14.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-32bit-0.11.6-5.27.14.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-32bit-0.11.6-5.27.14.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-32bit-0.11.6-5.27.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-29T14:27:42Z",
"details": "low"
}
],
"title": "CVE-2021-42780"
},
{
"cve": "CVE-2021-42782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42782"
}
],
"notes": [
{
"category": "general",
"text": "Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Point of Sale 11 SP3:libopensc2-0.11.6-5.27.14.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:opensc-0.11.6-5.27.14.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-0.11.6-5.27.14.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-0.11.6-5.27.14.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-0.11.6-5.27.14.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-0.11.6-5.27.14.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-32bit-0.11.6-5.27.14.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-32bit-0.11.6-5.27.14.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-32bit-0.11.6-5.27.14.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-0.11.6-5.27.14.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-0.11.6-5.27.14.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-0.11.6-5.27.14.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-0.11.6-5.27.14.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-32bit-0.11.6-5.27.14.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-32bit-0.11.6-5.27.14.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-32bit-0.11.6-5.27.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42782",
"url": "https://www.suse.com/security/cve/CVE-2021-42782"
},
{
"category": "external",
"summary": "SUSE Bug 1191957 for CVE-2021-42782",
"url": "https://bugzilla.suse.com/1191957"
},
{
"category": "external",
"summary": "SUSE Bug 1192635 for CVE-2021-42782",
"url": "https://bugzilla.suse.com/1192635"
},
{
"category": "external",
"summary": "SUSE Bug 1192643 for CVE-2021-42782",
"url": "https://bugzilla.suse.com/1192643"
},
{
"category": "external",
"summary": "SUSE Bug 1192786 for CVE-2021-42782",
"url": "https://bugzilla.suse.com/1192786"
},
{
"category": "external",
"summary": "SUSE Bug 1193388 for CVE-2021-42782",
"url": "https://bugzilla.suse.com/1193388"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Point of Sale 11 SP3:libopensc2-0.11.6-5.27.14.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:opensc-0.11.6-5.27.14.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-0.11.6-5.27.14.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-0.11.6-5.27.14.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-0.11.6-5.27.14.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-0.11.6-5.27.14.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-32bit-0.11.6-5.27.14.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-32bit-0.11.6-5.27.14.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-32bit-0.11.6-5.27.14.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-0.11.6-5.27.14.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-0.11.6-5.27.14.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-0.11.6-5.27.14.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-0.11.6-5.27.14.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-32bit-0.11.6-5.27.14.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-32bit-0.11.6-5.27.14.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-32bit-0.11.6-5.27.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Point of Sale 11 SP3:libopensc2-0.11.6-5.27.14.1.i586",
"SUSE Linux Enterprise Point of Sale 11 SP3:opensc-0.11.6-5.27.14.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-0.11.6-5.27.14.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-0.11.6-5.27.14.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-0.11.6-5.27.14.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-0.11.6-5.27.14.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-32bit-0.11.6-5.27.14.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-32bit-0.11.6-5.27.14.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:libopensc2-32bit-0.11.6-5.27.14.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-0.11.6-5.27.14.1.i586",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-0.11.6-5.27.14.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-0.11.6-5.27.14.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-0.11.6-5.27.14.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-32bit-0.11.6-5.27.14.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-32bit-0.11.6-5.27.14.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-LTSS:opensc-32bit-0.11.6-5.27.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-29T14:27:42Z",
"details": "important"
}
],
"title": "CVE-2021-42782"
}
]
}
suse-su-2022:1041-1
Vulnerability from csaf_suse
Published
2022-03-30 13:25
Modified
2022-03-30 13:25
Summary
Security update for opensc
Notes
Title of the patch
Security update for opensc
Description of the patch
This update for opensc fixes the following issues:
Security issues fixed:
- CVE-2021-42780: Fixed use after return in insert_pin() (bsc#1192005).
- CVE-2021-42779: Fixed use after free in sc_file_valid() (bsc#1191992).
- CVE-2021-42781: Fixed multiple heap buffer overflows in pkcs15-oberthur.c (bsc#1192000).
- CVE-2021-42782: Stack buffer overflow issues in various places (bsc#1191957).
- CVE-2019-6502: Fixed a memory leak in sc_context_create() (bsc#1122756).
- CVE-2020-26570: Fixed a heap based buffer overflow in sc_oberthur_read_file (bsc#1177364).
- CVE-2020-26572: Prevent out of bounds write (bsc#1177378)
- CVE-2020-26571: gemsafe GPK smart card software driver stack-based buffer overflow (bsc#1177380)
- CVE-2019-15946: out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry (bsc#1149747)
- CVE-2019-19479: incorrect read operation during parsing of a SETCOS file attribute (bsc#1158256)
- CVE-2019-15945: Fixed an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string (bsc#1149746).
- CVE-2019-19481: Fixed an improper handling of buffer limits for CAC certificates (bsc#1158305).
- CVE-2019-20792: Fixed a double free in coolkey_free_private_data (bsc#1170809).
Non-security issues fixed:
- Fixes segmentation fault in 'pkcs11-tool.c'. (bsc#1114649)
Patchnames
SUSE-2022-1041,SUSE-SLE-Product-HPC-15-2022-1041,SUSE-SLE-Product-SLES-15-2022-1041,SUSE-SLE-Product-SLES_SAP-15-2022-1041
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for opensc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for opensc fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2021-42780: Fixed use after return in insert_pin() (bsc#1192005).\n- CVE-2021-42779: Fixed use after free in sc_file_valid() (bsc#1191992).\n- CVE-2021-42781: Fixed multiple heap buffer overflows in pkcs15-oberthur.c (bsc#1192000).\n- CVE-2021-42782: Stack buffer overflow issues in various places (bsc#1191957).\n- CVE-2019-6502: Fixed a memory leak in sc_context_create() (bsc#1122756).\n- CVE-2020-26570: Fixed a heap based buffer overflow in sc_oberthur_read_file (bsc#1177364).\n- CVE-2020-26572: Prevent out of bounds write (bsc#1177378)\n- CVE-2020-26571: gemsafe GPK smart card software driver stack-based buffer overflow (bsc#1177380)\n- CVE-2019-15946: out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry (bsc#1149747)\n- CVE-2019-19479: incorrect read operation during parsing of a SETCOS file attribute (bsc#1158256)\n- CVE-2019-15945: Fixed an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string (bsc#1149746).\n- CVE-2019-19481: Fixed an improper handling of buffer limits for CAC certificates (bsc#1158305).\n- CVE-2019-20792: Fixed a double free in coolkey_free_private_data (bsc#1170809). \n\nNon-security issues fixed:\n\n- Fixes segmentation fault in \u0027pkcs11-tool.c\u0027. (bsc#1114649)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-1041,SUSE-SLE-Product-HPC-15-2022-1041,SUSE-SLE-Product-SLES-15-2022-1041,SUSE-SLE-Product-SLES_SAP-15-2022-1041",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_1041-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:1041-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221041-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:1041-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010580.html"
},
{
"category": "self",
"summary": "SUSE Bug 1114649",
"url": "https://bugzilla.suse.com/1114649"
},
{
"category": "self",
"summary": "SUSE Bug 1122756",
"url": "https://bugzilla.suse.com/1122756"
},
{
"category": "self",
"summary": "SUSE Bug 1149746",
"url": "https://bugzilla.suse.com/1149746"
},
{
"category": "self",
"summary": "SUSE Bug 1149747",
"url": "https://bugzilla.suse.com/1149747"
},
{
"category": "self",
"summary": "SUSE Bug 1158256",
"url": "https://bugzilla.suse.com/1158256"
},
{
"category": "self",
"summary": "SUSE Bug 1158305",
"url": "https://bugzilla.suse.com/1158305"
},
{
"category": "self",
"summary": "SUSE Bug 1170809",
"url": "https://bugzilla.suse.com/1170809"
},
{
"category": "self",
"summary": "SUSE Bug 1177364",
"url": "https://bugzilla.suse.com/1177364"
},
{
"category": "self",
"summary": "SUSE Bug 1177378",
"url": "https://bugzilla.suse.com/1177378"
},
{
"category": "self",
"summary": "SUSE Bug 1177380",
"url": "https://bugzilla.suse.com/1177380"
},
{
"category": "self",
"summary": "SUSE Bug 1191957",
"url": "https://bugzilla.suse.com/1191957"
},
{
"category": "self",
"summary": "SUSE Bug 1191992",
"url": "https://bugzilla.suse.com/1191992"
},
{
"category": "self",
"summary": "SUSE Bug 1192000",
"url": "https://bugzilla.suse.com/1192000"
},
{
"category": "self",
"summary": "SUSE Bug 1192005",
"url": "https://bugzilla.suse.com/1192005"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15945 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15945/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15946 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15946/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19479 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19479/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19481 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19481/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-20792 page",
"url": "https://www.suse.com/security/cve/CVE-2019-20792/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6502 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6502/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26570 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26570/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26571 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26571/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26572 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26572/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42779 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42780 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42780/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42781 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42781/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42782 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42782/"
}
],
"title": "Security update for opensc",
"tracking": {
"current_release_date": "2022-03-30T13:25:11Z",
"generator": {
"date": "2022-03-30T13:25:11Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:1041-1",
"initial_release_date": "2022-03-30T13:25:11Z",
"revision_history": [
{
"date": "2022-03-30T13:25:11Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "opensc-0.18.0-150000.3.23.1.aarch64",
"product": {
"name": "opensc-0.18.0-150000.3.23.1.aarch64",
"product_id": "opensc-0.18.0-150000.3.23.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "opensc-64bit-0.18.0-150000.3.23.1.aarch64_ilp32",
"product": {
"name": "opensc-64bit-0.18.0-150000.3.23.1.aarch64_ilp32",
"product_id": "opensc-64bit-0.18.0-150000.3.23.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "opensc-0.18.0-150000.3.23.1.i586",
"product": {
"name": "opensc-0.18.0-150000.3.23.1.i586",
"product_id": "opensc-0.18.0-150000.3.23.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "opensc-0.18.0-150000.3.23.1.ppc64le",
"product": {
"name": "opensc-0.18.0-150000.3.23.1.ppc64le",
"product_id": "opensc-0.18.0-150000.3.23.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "opensc-0.18.0-150000.3.23.1.s390x",
"product": {
"name": "opensc-0.18.0-150000.3.23.1.s390x",
"product_id": "opensc-0.18.0-150000.3.23.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "opensc-0.18.0-150000.3.23.1.x86_64",
"product": {
"name": "opensc-0.18.0-150000.3.23.1.x86_64",
"product_id": "opensc-0.18.0-150000.3.23.1.x86_64"
}
},
{
"category": "product_version",
"name": "opensc-32bit-0.18.0-150000.3.23.1.x86_64",
"product": {
"name": "opensc-32bit-0.18.0-150000.3.23.1.x86_64",
"product_id": "opensc-32bit-0.18.0-150000.3.23.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.18.0-150000.3.23.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64"
},
"product_reference": "opensc-0.18.0-150000.3.23.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.18.0-150000.3.23.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64"
},
"product_reference": "opensc-0.18.0-150000.3.23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.18.0-150000.3.23.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64"
},
"product_reference": "opensc-0.18.0-150000.3.23.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.18.0-150000.3.23.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64"
},
"product_reference": "opensc-0.18.0-150000.3.23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.18.0-150000.3.23.1.aarch64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64"
},
"product_reference": "opensc-0.18.0-150000.3.23.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.18.0-150000.3.23.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le"
},
"product_reference": "opensc-0.18.0-150000.3.23.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.18.0-150000.3.23.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x"
},
"product_reference": "opensc-0.18.0-150000.3.23.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.18.0-150000.3.23.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64"
},
"product_reference": "opensc-0.18.0-150000.3.23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.18.0-150000.3.23.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le"
},
"product_reference": "opensc-0.18.0-150000.3.23.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.18.0-150000.3.23.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
},
"product_reference": "opensc-0.18.0-150000.3.23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-15945",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15945"
}
],
"notes": [
{
"category": "general",
"text": "OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15945",
"url": "https://www.suse.com/security/cve/CVE-2019-15945"
},
{
"category": "external",
"summary": "SUSE Bug 1149746 for CVE-2019-15945",
"url": "https://bugzilla.suse.com/1149746"
},
{
"category": "external",
"summary": "SUSE Bug 1179291 for CVE-2019-15945",
"url": "https://bugzilla.suse.com/1179291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-30T13:25:11Z",
"details": "moderate"
}
],
"title": "CVE-2019-15945"
},
{
"cve": "CVE-2019-15946",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15946"
}
],
"notes": [
{
"category": "general",
"text": "OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15946",
"url": "https://www.suse.com/security/cve/CVE-2019-15946"
},
{
"category": "external",
"summary": "SUSE Bug 1149747 for CVE-2019-15946",
"url": "https://bugzilla.suse.com/1149747"
},
{
"category": "external",
"summary": "SUSE Bug 1179291 for CVE-2019-15946",
"url": "https://bugzilla.suse.com/1179291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-30T13:25:11Z",
"details": "moderate"
}
],
"title": "CVE-2019-15946"
},
{
"cve": "CVE-2019-19479",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19479"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19479",
"url": "https://www.suse.com/security/cve/CVE-2019-19479"
},
{
"category": "external",
"summary": "SUSE Bug 1158256 for CVE-2019-19479",
"url": "https://bugzilla.suse.com/1158256"
},
{
"category": "external",
"summary": "SUSE Bug 1179291 for CVE-2019-19479",
"url": "https://bugzilla.suse.com/1179291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-30T13:25:11Z",
"details": "moderate"
}
],
"title": "CVE-2019-19479"
},
{
"cve": "CVE-2019-19481",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19481"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19481",
"url": "https://www.suse.com/security/cve/CVE-2019-19481"
},
{
"category": "external",
"summary": "SUSE Bug 1158305 for CVE-2019-19481",
"url": "https://bugzilla.suse.com/1158305"
},
{
"category": "external",
"summary": "SUSE Bug 1179291 for CVE-2019-19481",
"url": "https://bugzilla.suse.com/1179291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-30T13:25:11Z",
"details": "moderate"
}
],
"title": "CVE-2019-19481"
},
{
"cve": "CVE-2019-20792",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-20792"
}
],
"notes": [
{
"category": "general",
"text": "OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-20792",
"url": "https://www.suse.com/security/cve/CVE-2019-20792"
},
{
"category": "external",
"summary": "SUSE Bug 1170809 for CVE-2019-20792",
"url": "https://bugzilla.suse.com/1170809"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-30T13:25:11Z",
"details": "moderate"
}
],
"title": "CVE-2019-20792"
},
{
"cve": "CVE-2019-6502",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6502"
}
],
"notes": [
{
"category": "general",
"text": "sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6502",
"url": "https://www.suse.com/security/cve/CVE-2019-6502"
},
{
"category": "external",
"summary": "SUSE Bug 1122756 for CVE-2019-6502",
"url": "https://bugzilla.suse.com/1122756"
},
{
"category": "external",
"summary": "SUSE Bug 1179291 for CVE-2019-6502",
"url": "https://bugzilla.suse.com/1179291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-30T13:25:11Z",
"details": "low"
}
],
"title": "CVE-2019-6502"
},
{
"cve": "CVE-2020-26570",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26570"
}
],
"notes": [
{
"category": "general",
"text": "The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26570",
"url": "https://www.suse.com/security/cve/CVE-2020-26570"
},
{
"category": "external",
"summary": "SUSE Bug 1177364 for CVE-2020-26570",
"url": "https://bugzilla.suse.com/1177364"
},
{
"category": "external",
"summary": "SUSE Bug 1179291 for CVE-2020-26570",
"url": "https://bugzilla.suse.com/1179291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-30T13:25:11Z",
"details": "moderate"
}
],
"title": "CVE-2020-26570"
},
{
"cve": "CVE-2020-26571",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26571"
}
],
"notes": [
{
"category": "general",
"text": "The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26571",
"url": "https://www.suse.com/security/cve/CVE-2020-26571"
},
{
"category": "external",
"summary": "SUSE Bug 1177380 for CVE-2020-26571",
"url": "https://bugzilla.suse.com/1177380"
},
{
"category": "external",
"summary": "SUSE Bug 1179291 for CVE-2020-26571",
"url": "https://bugzilla.suse.com/1179291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-30T13:25:11Z",
"details": "moderate"
}
],
"title": "CVE-2020-26571"
},
{
"cve": "CVE-2020-26572",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26572"
}
],
"notes": [
{
"category": "general",
"text": "The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26572",
"url": "https://www.suse.com/security/cve/CVE-2020-26572"
},
{
"category": "external",
"summary": "SUSE Bug 1177378 for CVE-2020-26572",
"url": "https://bugzilla.suse.com/1177378"
},
{
"category": "external",
"summary": "SUSE Bug 1179291 for CVE-2020-26572",
"url": "https://bugzilla.suse.com/1179291"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-30T13:25:11Z",
"details": "moderate"
}
],
"title": "CVE-2020-26572"
},
{
"cve": "CVE-2021-42779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42779"
}
],
"notes": [
{
"category": "general",
"text": "A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42779",
"url": "https://www.suse.com/security/cve/CVE-2021-42779"
},
{
"category": "external",
"summary": "SUSE Bug 1191992 for CVE-2021-42779",
"url": "https://bugzilla.suse.com/1191992"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-30T13:25:11Z",
"details": "moderate"
}
],
"title": "CVE-2021-42779"
},
{
"cve": "CVE-2021-42780",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42780"
}
],
"notes": [
{
"category": "general",
"text": "A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42780",
"url": "https://www.suse.com/security/cve/CVE-2021-42780"
},
{
"category": "external",
"summary": "SUSE Bug 1192005 for CVE-2021-42780",
"url": "https://bugzilla.suse.com/1192005"
},
{
"category": "external",
"summary": "SUSE Bug 1196716 for CVE-2021-42780",
"url": "https://bugzilla.suse.com/1196716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-30T13:25:11Z",
"details": "low"
}
],
"title": "CVE-2021-42780"
},
{
"cve": "CVE-2021-42781",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42781"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42781",
"url": "https://www.suse.com/security/cve/CVE-2021-42781"
},
{
"category": "external",
"summary": "SUSE Bug 1192000 for CVE-2021-42781",
"url": "https://bugzilla.suse.com/1192000"
},
{
"category": "external",
"summary": "SUSE Bug 1192635 for CVE-2021-42781",
"url": "https://bugzilla.suse.com/1192635"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-30T13:25:11Z",
"details": "important"
}
],
"title": "CVE-2021-42781"
},
{
"cve": "CVE-2021-42782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42782"
}
],
"notes": [
{
"category": "general",
"text": "Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42782",
"url": "https://www.suse.com/security/cve/CVE-2021-42782"
},
{
"category": "external",
"summary": "SUSE Bug 1191957 for CVE-2021-42782",
"url": "https://bugzilla.suse.com/1191957"
},
{
"category": "external",
"summary": "SUSE Bug 1192635 for CVE-2021-42782",
"url": "https://bugzilla.suse.com/1192635"
},
{
"category": "external",
"summary": "SUSE Bug 1192643 for CVE-2021-42782",
"url": "https://bugzilla.suse.com/1192643"
},
{
"category": "external",
"summary": "SUSE Bug 1192786 for CVE-2021-42782",
"url": "https://bugzilla.suse.com/1192786"
},
{
"category": "external",
"summary": "SUSE Bug 1193388 for CVE-2021-42782",
"url": "https://bugzilla.suse.com/1193388"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:opensc-0.18.0-150000.3.23.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:opensc-0.18.0-150000.3.23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-03-30T13:25:11Z",
"details": "important"
}
],
"title": "CVE-2021-42782"
}
]
}
suse-su-2022:1156-1
Vulnerability from csaf_suse
Published
2022-04-12 07:55
Modified
2022-04-12 07:55
Summary
Security update for opensc
Notes
Title of the patch
Security update for opensc
Description of the patch
This update for opensc fixes the following issues:
Security issues fixed:
- CVE-2021-42782: Stack buffer overflow issues in various places (bsc#1191957).
- CVE-2021-42781: Fixed multiple heap buffer overflows in pkcs15-oberthur.c (bsc#1192000).
- CVE-2021-42780: Fixed use after return in insert_pin() (bsc#1192005).
- CVE-2021-42779: Fixed use after free in sc_file_valid() (bsc#1191992).
Non-security issues fixed:
- Fixes segmentation fault in 'pkcs11-tool.c'. (bsc#1114649)
Patchnames
SUSE-2022-1156,SUSE-SLE-Module-Basesystem-15-SP3-2022-1156,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1156,SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1156,SUSE-SLE-Product-RT-15-SP2-2022-1156,SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1156,SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1156,SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1156,SUSE-SUSE-MicroOS-5.1-2022-1156,SUSE-Storage-6-2022-1156,openSUSE-SLE-15.3-2022-1156
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for opensc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for opensc fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2021-42782: Stack buffer overflow issues in various places (bsc#1191957).\n- CVE-2021-42781: Fixed multiple heap buffer overflows in pkcs15-oberthur.c (bsc#1192000).\n- CVE-2021-42780: Fixed use after return in insert_pin() (bsc#1192005).\n- CVE-2021-42779: Fixed use after free in sc_file_valid() (bsc#1191992).\n\nNon-security issues fixed: \n\n- Fixes segmentation fault in \u0027pkcs11-tool.c\u0027. (bsc#1114649)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-1156,SUSE-SLE-Module-Basesystem-15-SP3-2022-1156,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1156,SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1156,SUSE-SLE-Product-RT-15-SP2-2022-1156,SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1156,SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1156,SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1156,SUSE-SUSE-MicroOS-5.1-2022-1156,SUSE-Storage-6-2022-1156,openSUSE-SLE-15.3-2022-1156",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_1156-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:1156-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221156-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:1156-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010682.html"
},
{
"category": "self",
"summary": "SUSE Bug 1114649",
"url": "https://bugzilla.suse.com/1114649"
},
{
"category": "self",
"summary": "SUSE Bug 1191957",
"url": "https://bugzilla.suse.com/1191957"
},
{
"category": "self",
"summary": "SUSE Bug 1191992",
"url": "https://bugzilla.suse.com/1191992"
},
{
"category": "self",
"summary": "SUSE Bug 1192000",
"url": "https://bugzilla.suse.com/1192000"
},
{
"category": "self",
"summary": "SUSE Bug 1192005",
"url": "https://bugzilla.suse.com/1192005"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42779 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42780 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42780/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42781 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42781/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42782 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42782/"
}
],
"title": "Security update for opensc",
"tracking": {
"current_release_date": "2022-04-12T07:55:14Z",
"generator": {
"date": "2022-04-12T07:55:14Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:1156-1",
"initial_release_date": "2022-04-12T07:55:14Z",
"revision_history": [
{
"date": "2022-04-12T07:55:14Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "opensc-0.19.0-150100.3.16.1.aarch64",
"product": {
"name": "opensc-0.19.0-150100.3.16.1.aarch64",
"product_id": "opensc-0.19.0-150100.3.16.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "opensc-64bit-0.19.0-150100.3.16.1.aarch64_ilp32",
"product": {
"name": "opensc-64bit-0.19.0-150100.3.16.1.aarch64_ilp32",
"product_id": "opensc-64bit-0.19.0-150100.3.16.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "opensc-0.19.0-150100.3.16.1.i586",
"product": {
"name": "opensc-0.19.0-150100.3.16.1.i586",
"product_id": "opensc-0.19.0-150100.3.16.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "opensc-0.19.0-150100.3.16.1.ppc64le",
"product": {
"name": "opensc-0.19.0-150100.3.16.1.ppc64le",
"product_id": "opensc-0.19.0-150100.3.16.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "opensc-0.19.0-150100.3.16.1.s390x",
"product": {
"name": "opensc-0.19.0-150100.3.16.1.s390x",
"product_id": "opensc-0.19.0-150100.3.16.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "opensc-0.19.0-150100.3.16.1.x86_64",
"product": {
"name": "opensc-0.19.0-150100.3.16.1.x86_64",
"product_id": "opensc-0.19.0-150100.3.16.1.x86_64"
}
},
{
"category": "product_version",
"name": "opensc-32bit-0.19.0-150100.3.16.1.x86_64",
"product": {
"name": "opensc-32bit-0.19.0-150100.3.16.1.x86_64",
"product_id": "opensc-32bit-0.19.0-150100.3.16.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Real Time 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Real Time 15 SP2",
"product_id": "SUSE Linux Enterprise Real Time 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_rt:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_bcl:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 6",
"product": {
"name": "SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.19.0-150100.3.16.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.aarch64"
},
"product_reference": "opensc-0.19.0-150100.3.16.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.19.0-150100.3.16.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.ppc64le"
},
"product_reference": "opensc-0.19.0-150100.3.16.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.19.0-150100.3.16.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.s390x"
},
"product_reference": "opensc-0.19.0-150100.3.16.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.19.0-150100.3.16.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.x86_64"
},
"product_reference": "opensc-0.19.0-150100.3.16.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.19.0-150100.3.16.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:opensc-0.19.0-150100.3.16.1.aarch64"
},
"product_reference": "opensc-0.19.0-150100.3.16.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.19.0-150100.3.16.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:opensc-0.19.0-150100.3.16.1.x86_64"
},
"product_reference": "opensc-0.19.0-150100.3.16.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.19.0-150100.3.16.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.aarch64"
},
"product_reference": "opensc-0.19.0-150100.3.16.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.19.0-150100.3.16.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.x86_64"
},
"product_reference": "opensc-0.19.0-150100.3.16.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.19.0-150100.3.16.1.x86_64 as component of SUSE Linux Enterprise Real Time 15 SP2",
"product_id": "SUSE Linux Enterprise Real Time 15 SP2:opensc-0.19.0-150100.3.16.1.x86_64"
},
"product_reference": "opensc-0.19.0-150100.3.16.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.19.0-150100.3.16.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:opensc-0.19.0-150100.3.16.1.x86_64"
},
"product_reference": "opensc-0.19.0-150100.3.16.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.19.0-150100.3.16.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.aarch64"
},
"product_reference": "opensc-0.19.0-150100.3.16.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.19.0-150100.3.16.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.ppc64le"
},
"product_reference": "opensc-0.19.0-150100.3.16.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.19.0-150100.3.16.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.s390x"
},
"product_reference": "opensc-0.19.0-150100.3.16.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.19.0-150100.3.16.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.x86_64"
},
"product_reference": "opensc-0.19.0-150100.3.16.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.19.0-150100.3.16.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:opensc-0.19.0-150100.3.16.1.ppc64le"
},
"product_reference": "opensc-0.19.0-150100.3.16.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.19.0-150100.3.16.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:opensc-0.19.0-150100.3.16.1.x86_64"
},
"product_reference": "opensc-0.19.0-150100.3.16.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.19.0-150100.3.16.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.aarch64"
},
"product_reference": "opensc-0.19.0-150100.3.16.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.19.0-150100.3.16.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.s390x"
},
"product_reference": "opensc-0.19.0-150100.3.16.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.19.0-150100.3.16.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.x86_64"
},
"product_reference": "opensc-0.19.0-150100.3.16.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.19.0-150100.3.16.1.aarch64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:opensc-0.19.0-150100.3.16.1.aarch64"
},
"product_reference": "opensc-0.19.0-150100.3.16.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.19.0-150100.3.16.1.x86_64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:opensc-0.19.0-150100.3.16.1.x86_64"
},
"product_reference": "opensc-0.19.0-150100.3.16.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.19.0-150100.3.16.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.aarch64"
},
"product_reference": "opensc-0.19.0-150100.3.16.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.19.0-150100.3.16.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.ppc64le"
},
"product_reference": "opensc-0.19.0-150100.3.16.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.19.0-150100.3.16.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.s390x"
},
"product_reference": "opensc-0.19.0-150100.3.16.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.19.0-150100.3.16.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.x86_64"
},
"product_reference": "opensc-0.19.0-150100.3.16.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-32bit-0.19.0-150100.3.16.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:opensc-32bit-0.19.0-150100.3.16.1.x86_64"
},
"product_reference": "opensc-32bit-0.19.0-150100.3.16.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-42779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42779"
}
],
"notes": [
{
"category": "general",
"text": "A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Enterprise Storage 6:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.s390x",
"SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Real Time 15 SP2:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:opensc-0.19.0-150100.3.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:opensc-0.19.0-150100.3.16.1.x86_64",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.aarch64",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.ppc64le",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.s390x",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.x86_64",
"openSUSE Leap 15.3:opensc-32bit-0.19.0-150100.3.16.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42779",
"url": "https://www.suse.com/security/cve/CVE-2021-42779"
},
{
"category": "external",
"summary": "SUSE Bug 1191992 for CVE-2021-42779",
"url": "https://bugzilla.suse.com/1191992"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Enterprise Storage 6:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.s390x",
"SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Real Time 15 SP2:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:opensc-0.19.0-150100.3.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:opensc-0.19.0-150100.3.16.1.x86_64",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.aarch64",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.ppc64le",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.s390x",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.x86_64",
"openSUSE Leap 15.3:opensc-32bit-0.19.0-150100.3.16.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Enterprise Storage 6:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.s390x",
"SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Real Time 15 SP2:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:opensc-0.19.0-150100.3.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:opensc-0.19.0-150100.3.16.1.x86_64",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.aarch64",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.ppc64le",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.s390x",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.x86_64",
"openSUSE Leap 15.3:opensc-32bit-0.19.0-150100.3.16.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-12T07:55:14Z",
"details": "moderate"
}
],
"title": "CVE-2021-42779"
},
{
"cve": "CVE-2021-42780",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42780"
}
],
"notes": [
{
"category": "general",
"text": "A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Enterprise Storage 6:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.s390x",
"SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Real Time 15 SP2:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:opensc-0.19.0-150100.3.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:opensc-0.19.0-150100.3.16.1.x86_64",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.aarch64",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.ppc64le",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.s390x",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.x86_64",
"openSUSE Leap 15.3:opensc-32bit-0.19.0-150100.3.16.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42780",
"url": "https://www.suse.com/security/cve/CVE-2021-42780"
},
{
"category": "external",
"summary": "SUSE Bug 1192005 for CVE-2021-42780",
"url": "https://bugzilla.suse.com/1192005"
},
{
"category": "external",
"summary": "SUSE Bug 1196716 for CVE-2021-42780",
"url": "https://bugzilla.suse.com/1196716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Enterprise Storage 6:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.s390x",
"SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Real Time 15 SP2:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:opensc-0.19.0-150100.3.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:opensc-0.19.0-150100.3.16.1.x86_64",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.aarch64",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.ppc64le",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.s390x",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.x86_64",
"openSUSE Leap 15.3:opensc-32bit-0.19.0-150100.3.16.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Enterprise Storage 6:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.s390x",
"SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Real Time 15 SP2:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:opensc-0.19.0-150100.3.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:opensc-0.19.0-150100.3.16.1.x86_64",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.aarch64",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.ppc64le",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.s390x",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.x86_64",
"openSUSE Leap 15.3:opensc-32bit-0.19.0-150100.3.16.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-12T07:55:14Z",
"details": "low"
}
],
"title": "CVE-2021-42780"
},
{
"cve": "CVE-2021-42781",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42781"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Enterprise Storage 6:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.s390x",
"SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Real Time 15 SP2:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:opensc-0.19.0-150100.3.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:opensc-0.19.0-150100.3.16.1.x86_64",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.aarch64",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.ppc64le",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.s390x",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.x86_64",
"openSUSE Leap 15.3:opensc-32bit-0.19.0-150100.3.16.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42781",
"url": "https://www.suse.com/security/cve/CVE-2021-42781"
},
{
"category": "external",
"summary": "SUSE Bug 1192000 for CVE-2021-42781",
"url": "https://bugzilla.suse.com/1192000"
},
{
"category": "external",
"summary": "SUSE Bug 1192635 for CVE-2021-42781",
"url": "https://bugzilla.suse.com/1192635"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Enterprise Storage 6:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.s390x",
"SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Real Time 15 SP2:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:opensc-0.19.0-150100.3.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:opensc-0.19.0-150100.3.16.1.x86_64",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.aarch64",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.ppc64le",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.s390x",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.x86_64",
"openSUSE Leap 15.3:opensc-32bit-0.19.0-150100.3.16.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Enterprise Storage 6:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.s390x",
"SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Real Time 15 SP2:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:opensc-0.19.0-150100.3.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:opensc-0.19.0-150100.3.16.1.x86_64",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.aarch64",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.ppc64le",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.s390x",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.x86_64",
"openSUSE Leap 15.3:opensc-32bit-0.19.0-150100.3.16.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-12T07:55:14Z",
"details": "important"
}
],
"title": "CVE-2021-42781"
},
{
"cve": "CVE-2021-42782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42782"
}
],
"notes": [
{
"category": "general",
"text": "Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Enterprise Storage 6:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.s390x",
"SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Real Time 15 SP2:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:opensc-0.19.0-150100.3.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:opensc-0.19.0-150100.3.16.1.x86_64",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.aarch64",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.ppc64le",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.s390x",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.x86_64",
"openSUSE Leap 15.3:opensc-32bit-0.19.0-150100.3.16.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42782",
"url": "https://www.suse.com/security/cve/CVE-2021-42782"
},
{
"category": "external",
"summary": "SUSE Bug 1191957 for CVE-2021-42782",
"url": "https://bugzilla.suse.com/1191957"
},
{
"category": "external",
"summary": "SUSE Bug 1192635 for CVE-2021-42782",
"url": "https://bugzilla.suse.com/1192635"
},
{
"category": "external",
"summary": "SUSE Bug 1192643 for CVE-2021-42782",
"url": "https://bugzilla.suse.com/1192643"
},
{
"category": "external",
"summary": "SUSE Bug 1192786 for CVE-2021-42782",
"url": "https://bugzilla.suse.com/1192786"
},
{
"category": "external",
"summary": "SUSE Bug 1193388 for CVE-2021-42782",
"url": "https://bugzilla.suse.com/1193388"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Enterprise Storage 6:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.s390x",
"SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Real Time 15 SP2:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:opensc-0.19.0-150100.3.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:opensc-0.19.0-150100.3.16.1.x86_64",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.aarch64",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.ppc64le",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.s390x",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.x86_64",
"openSUSE Leap 15.3:opensc-32bit-0.19.0-150100.3.16.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Enterprise Storage 6:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.s390x",
"SUSE Linux Enterprise Micro 5.1:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Real Time 15 SP2:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:opensc-0.19.0-150100.3.16.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:opensc-0.19.0-150100.3.16.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:opensc-0.19.0-150100.3.16.1.x86_64",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.aarch64",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.ppc64le",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.s390x",
"openSUSE Leap 15.3:opensc-0.19.0-150100.3.16.1.x86_64",
"openSUSE Leap 15.3:opensc-32bit-0.19.0-150100.3.16.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-12T07:55:14Z",
"details": "important"
}
],
"title": "CVE-2021-42782"
}
]
}
suse-su-2021:3582-1
Vulnerability from csaf_suse
Published
2021-10-29 14:26
Modified
2021-10-29 14:26
Summary
Security update for opensc
Notes
Title of the patch
Security update for opensc
Description of the patch
This update for opensc fixes the following issues:
- CVE-2021-42780: Fixed use after return in insert_pin() (bsc#1192005).
- CVE-2021-42779: Fixed use after free in sc_file_valid() (bsc#1191992).
- CVE-2021-42781: Fixed multiple heap buffer overflows in pkcs15-oberthur.c (bsc#1192000).
- CVE-2021-42782: Stack buffer overflow issues in various places (bsc#1191957).
Patchnames
HPE-Helion-OpenStack-8-2021-3582,SUSE-2021-3582,SUSE-OpenStack-Cloud-8-2021-3582,SUSE-OpenStack-Cloud-9-2021-3582,SUSE-OpenStack-Cloud-Crowbar-8-2021-3582,SUSE-OpenStack-Cloud-Crowbar-9-2021-3582,SUSE-SLE-SAP-12-SP3-2021-3582,SUSE-SLE-SAP-12-SP4-2021-3582,SUSE-SLE-SERVER-12-SP2-BCL-2021-3582,SUSE-SLE-SERVER-12-SP3-2021-3582,SUSE-SLE-SERVER-12-SP3-BCL-2021-3582,SUSE-SLE-SERVER-12-SP4-LTSS-2021-3582,SUSE-SLE-SERVER-12-SP5-2021-3582
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for opensc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for opensc fixes the following issues:\n\n- CVE-2021-42780: Fixed use after return in insert_pin() (bsc#1192005).\n- CVE-2021-42779: Fixed use after free in sc_file_valid() (bsc#1191992).\n- CVE-2021-42781: Fixed multiple heap buffer overflows in pkcs15-oberthur.c (bsc#1192000).\n- CVE-2021-42782: Stack buffer overflow issues in various places (bsc#1191957).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "HPE-Helion-OpenStack-8-2021-3582,SUSE-2021-3582,SUSE-OpenStack-Cloud-8-2021-3582,SUSE-OpenStack-Cloud-9-2021-3582,SUSE-OpenStack-Cloud-Crowbar-8-2021-3582,SUSE-OpenStack-Cloud-Crowbar-9-2021-3582,SUSE-SLE-SAP-12-SP3-2021-3582,SUSE-SLE-SAP-12-SP4-2021-3582,SUSE-SLE-SERVER-12-SP2-BCL-2021-3582,SUSE-SLE-SERVER-12-SP3-2021-3582,SUSE-SLE-SERVER-12-SP3-BCL-2021-3582,SUSE-SLE-SERVER-12-SP4-LTSS-2021-3582,SUSE-SLE-SERVER-12-SP5-2021-3582",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_3582-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:3582-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20213582-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:3582-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-October/009683.html"
},
{
"category": "self",
"summary": "SUSE Bug 1191957",
"url": "https://bugzilla.suse.com/1191957"
},
{
"category": "self",
"summary": "SUSE Bug 1191992",
"url": "https://bugzilla.suse.com/1191992"
},
{
"category": "self",
"summary": "SUSE Bug 1192000",
"url": "https://bugzilla.suse.com/1192000"
},
{
"category": "self",
"summary": "SUSE Bug 1192005",
"url": "https://bugzilla.suse.com/1192005"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42779 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42779/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42780 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42780/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42781 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42781/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42782 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42782/"
}
],
"title": "Security update for opensc",
"tracking": {
"current_release_date": "2021-10-29T14:26:39Z",
"generator": {
"date": "2021-10-29T14:26:39Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:3582-1",
"initial_release_date": "2021-10-29T14:26:39Z",
"revision_history": [
{
"date": "2021-10-29T14:26:39Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "opensc-0.13.0-3.19.1.aarch64",
"product": {
"name": "opensc-0.13.0-3.19.1.aarch64",
"product_id": "opensc-0.13.0-3.19.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "opensc-0.13.0-3.19.1.i586",
"product": {
"name": "opensc-0.13.0-3.19.1.i586",
"product_id": "opensc-0.13.0-3.19.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "opensc-0.13.0-3.19.1.ppc64le",
"product": {
"name": "opensc-0.13.0-3.19.1.ppc64le",
"product_id": "opensc-0.13.0-3.19.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "opensc-0.13.0-3.19.1.s390",
"product": {
"name": "opensc-0.13.0-3.19.1.s390",
"product_id": "opensc-0.13.0-3.19.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "opensc-0.13.0-3.19.1.s390x",
"product": {
"name": "opensc-0.13.0-3.19.1.s390x",
"product_id": "opensc-0.13.0-3.19.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "opensc-0.13.0-3.19.1.x86_64",
"product": {
"name": "opensc-0.13.0-3.19.1.x86_64",
"product_id": "opensc-0.13.0-3.19.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "HPE Helion OpenStack 8",
"product": {
"name": "HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:hpe-helion-openstack:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 8",
"product": {
"name": "SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 9",
"product": {
"name": "SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:9"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 8",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 9",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:9"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.13.0-3.19.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:opensc-0.13.0-3.19.1.x86_64"
},
"product_reference": "opensc-0.13.0-3.19.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.13.0-3.19.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:opensc-0.13.0-3.19.1.x86_64"
},
"product_reference": "opensc-0.13.0-3.19.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.13.0-3.19.1.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:opensc-0.13.0-3.19.1.x86_64"
},
"product_reference": "opensc-0.13.0-3.19.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.13.0-3.19.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:opensc-0.13.0-3.19.1.x86_64"
},
"product_reference": "opensc-0.13.0-3.19.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.13.0-3.19.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:opensc-0.13.0-3.19.1.x86_64"
},
"product_reference": "opensc-0.13.0-3.19.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.13.0-3.19.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:opensc-0.13.0-3.19.1.ppc64le"
},
"product_reference": "opensc-0.13.0-3.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.13.0-3.19.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:opensc-0.13.0-3.19.1.x86_64"
},
"product_reference": "opensc-0.13.0-3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.13.0-3.19.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.19.1.ppc64le"
},
"product_reference": "opensc-0.13.0-3.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.13.0-3.19.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.19.1.x86_64"
},
"product_reference": "opensc-0.13.0-3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.13.0-3.19.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:opensc-0.13.0-3.19.1.x86_64"
},
"product_reference": "opensc-0.13.0-3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.13.0-3.19.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.aarch64"
},
"product_reference": "opensc-0.13.0-3.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.13.0-3.19.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.ppc64le"
},
"product_reference": "opensc-0.13.0-3.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.13.0-3.19.1.s390x as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.s390x"
},
"product_reference": "opensc-0.13.0-3.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.13.0-3.19.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.x86_64"
},
"product_reference": "opensc-0.13.0-3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.13.0-3.19.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:opensc-0.13.0-3.19.1.x86_64"
},
"product_reference": "opensc-0.13.0-3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.13.0-3.19.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.aarch64"
},
"product_reference": "opensc-0.13.0-3.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.13.0-3.19.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.ppc64le"
},
"product_reference": "opensc-0.13.0-3.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.13.0-3.19.1.s390x as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.s390x"
},
"product_reference": "opensc-0.13.0-3.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.13.0-3.19.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.x86_64"
},
"product_reference": "opensc-0.13.0-3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.13.0-3.19.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.aarch64"
},
"product_reference": "opensc-0.13.0-3.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.13.0-3.19.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.ppc64le"
},
"product_reference": "opensc-0.13.0-3.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.13.0-3.19.1.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.s390x"
},
"product_reference": "opensc-0.13.0-3.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.13.0-3.19.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.x86_64"
},
"product_reference": "opensc-0.13.0-3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.13.0-3.19.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.aarch64"
},
"product_reference": "opensc-0.13.0-3.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.13.0-3.19.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.ppc64le"
},
"product_reference": "opensc-0.13.0-3.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.13.0-3.19.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.s390x"
},
"product_reference": "opensc-0.13.0-3.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "opensc-0.13.0-3.19.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.x86_64"
},
"product_reference": "opensc-0.13.0-3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-42779",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42779"
}
],
"notes": [
{
"category": "general",
"text": "A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud 8:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud 9:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:opensc-0.13.0-3.19.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42779",
"url": "https://www.suse.com/security/cve/CVE-2021-42779"
},
{
"category": "external",
"summary": "SUSE Bug 1191992 for CVE-2021-42779",
"url": "https://bugzilla.suse.com/1191992"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud 8:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud 9:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:opensc-0.13.0-3.19.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud 8:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud 9:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:opensc-0.13.0-3.19.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-29T14:26:39Z",
"details": "moderate"
}
],
"title": "CVE-2021-42779"
},
{
"cve": "CVE-2021-42780",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42780"
}
],
"notes": [
{
"category": "general",
"text": "A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud 8:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud 9:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:opensc-0.13.0-3.19.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42780",
"url": "https://www.suse.com/security/cve/CVE-2021-42780"
},
{
"category": "external",
"summary": "SUSE Bug 1192005 for CVE-2021-42780",
"url": "https://bugzilla.suse.com/1192005"
},
{
"category": "external",
"summary": "SUSE Bug 1196716 for CVE-2021-42780",
"url": "https://bugzilla.suse.com/1196716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud 8:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud 9:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:opensc-0.13.0-3.19.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud 8:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud 9:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:opensc-0.13.0-3.19.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-29T14:26:39Z",
"details": "low"
}
],
"title": "CVE-2021-42780"
},
{
"cve": "CVE-2021-42781",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42781"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud 8:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud 9:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:opensc-0.13.0-3.19.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42781",
"url": "https://www.suse.com/security/cve/CVE-2021-42781"
},
{
"category": "external",
"summary": "SUSE Bug 1192000 for CVE-2021-42781",
"url": "https://bugzilla.suse.com/1192000"
},
{
"category": "external",
"summary": "SUSE Bug 1192635 for CVE-2021-42781",
"url": "https://bugzilla.suse.com/1192635"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud 8:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud 9:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:opensc-0.13.0-3.19.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud 8:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud 9:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:opensc-0.13.0-3.19.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-29T14:26:39Z",
"details": "important"
}
],
"title": "CVE-2021-42781"
},
{
"cve": "CVE-2021-42782",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42782"
}
],
"notes": [
{
"category": "general",
"text": "Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud 8:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud 9:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:opensc-0.13.0-3.19.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42782",
"url": "https://www.suse.com/security/cve/CVE-2021-42782"
},
{
"category": "external",
"summary": "SUSE Bug 1191957 for CVE-2021-42782",
"url": "https://bugzilla.suse.com/1191957"
},
{
"category": "external",
"summary": "SUSE Bug 1192635 for CVE-2021-42782",
"url": "https://bugzilla.suse.com/1192635"
},
{
"category": "external",
"summary": "SUSE Bug 1192643 for CVE-2021-42782",
"url": "https://bugzilla.suse.com/1192643"
},
{
"category": "external",
"summary": "SUSE Bug 1192786 for CVE-2021-42782",
"url": "https://bugzilla.suse.com/1192786"
},
{
"category": "external",
"summary": "SUSE Bug 1193388 for CVE-2021-42782",
"url": "https://bugzilla.suse.com/1193388"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud 8:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud 9:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:opensc-0.13.0-3.19.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:opensc-0.13.0-3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud 8:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud 9:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:opensc-0.13.0-3.19.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:opensc-0.13.0-3.19.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-10-29T14:26:39Z",
"details": "important"
}
],
"title": "CVE-2021-42782"
}
]
}
wid-sec-w-2022-1310
Vulnerability from csaf_certbund
Published
2022-04-25 22:00
Modified
2025-04-09 22:00
Summary
OpenSC: Schwachstelle ermöglicht Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
OpenSC stellt Bibliotheken und Werkzeuge zur Programmierung und Nutzung von Chipkarten bereit.
Angriff
Ein Angreifer kann eine Schwachstelle in OpenSC ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "OpenSC stellt Bibliotheken und Werkzeuge zur Programmierung und Nutzung von Chipkarten bereit.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann eine Schwachstelle in OpenSC ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-1310 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1310.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-1310 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1310"
},
{
"category": "external",
"summary": "Red Hat Bugzilla - Bug 2016139",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016139"
},
{
"category": "external",
"summary": "National Vulnerability Database CVE-2021-42780 vom 2022-04-25",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42780"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202209-03 vom 2022-09-07",
"url": "https://security.gentoo.org/glsa/202209-03"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3463 vom 2023-06-21",
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2023-2102 vom 2023-07-01",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2102.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4004 vom 2024-12-28",
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7346-1 vom 2025-03-12",
"url": "https://ubuntu.com/security/notices/USN-7346-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7346-2 vom 2025-03-28",
"url": "https://ubuntu.com/security/notices/USN-7346-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7346-3 vom 2025-04-10",
"url": "https://ubuntu.com/security/notices/USN-7346-3"
}
],
"source_lang": "en-US",
"title": "OpenSC: Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2025-04-09T22:00:00.000+00:00",
"generator": {
"date": "2025-04-10T08:25:37.612+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2022-1310",
"initial_release_date": "2022-04-25T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-04-25T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-09-06T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Gentoo aufgenommen"
},
{
"date": "2023-06-20T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2023-07-02T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-12-29T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2025-03-11T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-03-30T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-04-09T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Ubuntu aufgenommen"
}
],
"status": "final",
"version": "8"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c0.22.0",
"product": {
"name": "Open Source OpenSC \u003c0.22.0",
"product_id": "T020789"
}
},
{
"category": "product_version",
"name": "0.22.0",
"product": {
"name": "Open Source OpenSC 0.22.0",
"product_id": "T020789-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:opensc:opensc:0.22.0"
}
}
}
],
"category": "product_name",
"name": "OpenSC"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-42780",
"product_status": {
"known_affected": [
"2951",
"T020789",
"T000126",
"398363",
"T012167"
]
},
"release_date": "2022-04-25T22:00:00.000+00:00",
"title": "CVE-2021-42780"
}
]
}
fkie_cve-2021-42780
Vulnerability from fkie_nvd
Published
2022-04-18 17:15
Modified
2024-11-21 06:28
Severity ?
Summary
A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383 | Issue Tracking, Mailing List, Patch, Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2016139 | Issue Tracking, Patch, Third Party Advisory | |
| secalert@redhat.com | https://github.com/OpenSC/OpenSC/commit/5df913b7 | Patch, Third Party Advisory | |
| secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html | ||
| secalert@redhat.com | https://security.gentoo.org/glsa/202209-03 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383 | Issue Tracking, Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2016139 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/OpenSC/OpenSC/commit/5df913b7 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202209-03 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opensc_project | opensc | * | |
| fedoraproject | fedora | 33 | |
| redhat | enterprise_linux | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B75A7FDD-CA09-46EF-8FAC-11732898B84B",
"versionEndExcluding": "0.22.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library."
},
{
"lang": "es",
"value": "Se ha encontrado un problema de tipo use after return En Opensc versiones anteriores a 0.22.0, en la funci\u00f3n insert_pin que podr\u00eda bloquear los programas que usan la biblioteca"
}
],
"id": "CVE-2021-42780",
"lastModified": "2024-11-21T06:28:09.707",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-18T17:15:16.243",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016139"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/OpenSC/OpenSC/commit/5df913b7"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202209-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/OpenSC/OpenSC/commit/5df913b7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202209-03"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-252"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-252"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
ghsa-7wjg-mhwg-m2rc
Vulnerability from github
Published
2022-04-19 00:00
Modified
2022-04-26 00:00
Severity ?
VLAI Severity ?
Details
A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.
{
"affected": [],
"aliases": [
"CVE-2021-42780"
],
"database_specific": {
"cwe_ids": [
"CWE-252"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-18T17:15:00Z",
"severity": "MODERATE"
},
"details": "A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.",
"id": "GHSA-7wjg-mhwg-m2rc",
"modified": "2022-04-26T00:00:51Z",
"published": "2022-04-19T00:00:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42780"
},
{
"type": "WEB",
"url": "https://github.com/OpenSC/OpenSC/commit/5df913b7"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016139"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202209-03"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…