Package "opensc"
Name: opensc
Description: Smart card utilities with support for PKCS#15 compatible cards
Latest version: 0.25.1-2ubuntu1.1
Release: oracular (24.10)
Level: updates
Repository: universe
Homepage: https://github.com/OpenSC/OpenSC/wiki
Changelog
opensc (0.25.1-2ubuntu1.1) oracular-security; urgency=medium

  * SECURITY UPDATE: Missing variable initialization
    - debian/patches/CVE-2024-45615-1.patch: Fix uninitialized values
    - debian/patches/CVE-2024-45615-2.patch: Initialize variables for tag and
      CLA
    - debian/patches/CVE-2024-45615-3.patch: Initialize OID length
    - debian/patches/CVE-2024-45615-4.patch: Initialize variables for tag and
      CLA
    - debian/patches/CVE-2024-45615-5.patch: Avoid using uninitialized memory
    - debian/patches/CVE-2024-45617-1.patch: Check return value when selecting
      AID
    - debian/patches/CVE-2024-45617-2.patch: Return error when response length
      is 0
    - debian/patches/CVE-2024-45617-3.patch: Check number of read bytes
    - debian/patches/CVE-2024-45618-1.patch: Check return value of serial num
      conversion
    - debian/patches/CVE-2024-45618-2.patch: Report transport key error
    - CVE-2024-45615
    - CVE-2024-45617
    - CVE-2024-45618
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2024-45616-1.patch: Fix uninitialized values
    - debian/patches/CVE-2024-45616-2.patch: Check length of APDU response
    - debian/patches/CVE-2024-45616-3.patch: Correctly calculate certificate
      length based on the resplen
    - debian/patches/CVE-2024-45616-4.patch: Check length of serial number
    - debian/patches/CVE-2024-45616-5.patch: Use actual length of response
      buffer
    - debian/patches/CVE-2024-45616-6.patch: Check length of response buffer
      in select
    - debian/patches/CVE-2024-45616-7.patch: Check APDU response length and
      ASN1 lengths
    - debian/patches/CVE-2024-45616-8.patch: Report invalid SW when reading
      object
    - debian/patches/CVE-2024-45616-9.patch: Avoid using uninitialized memory
    - debian/patches/CVE-2024-45616-10.patch: Check length of serial number
    - debian/patches/CVE-2024-45619-1.patch: Check number of read bytes for cert
    - debian/patches/CVE-2024-45619-2.patch: Check certificate length before
      accessing
    - debian/patches/CVE-2024-45619-3.patch: Check length of buffer for object
    - debian/patches/CVE-2024-45619-4.patch: Check length of generated key
    - debian/patches/CVE-2024-45619-5.patch: Properly check length of file list
    - debian/patches/CVE-2024-45619-6.patch: Check length of buffer before
      conversion
    - debian/patches/CVE-2024-45620-1.patch: Check length of file to be non-zero
    - debian/patches/CVE-2024-45620-2.patch: Check length of data before
      dereferencing
    - debian/patches/CVE-2024-45620-3.patch: Check length of data when parsing
    - debian/patches/CVE-2024-8443-1.patch: Avoid buffer overflow when writing
      fingerprint
    - debian/patches/CVE-2024-8443-2.patch: Do not accept non-matching key
      responses
    - CVE-2024-45616
    - CVE-2024-45619
    - CVE-2024-45620
    - CVE-2024-8443

 -- Bruce Cable <email address hidden> Thu, 06 Mar 2025 21:41:31 +1100

CVE-2024-45615
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected
CVE-2024-45617
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, whi
CVE-2024-45618
A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a s
CVE-2024-45616
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, whi
CVE-2024-45619
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, whi
CVE-2024-45620
A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system
CVE-2024-8443
A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to