An advisory has been issued on August 14: http://openwall.com/lists/oss-security/2018/08/14/3 It's not clear if older versions are affected.
Assigning to the registered maintainer.
Assignee: bugsquad => mageia
CC: (none) => marja11
0.19.0-rc1 submitted to cauldron, it should fix the issues. Older versions are probably also affected, but it's quite impossible to patch all those problems. For now I'll call this bug fixed until some more serious CVE is issued.
Status: NEW => RESOLVED
Resolution: (none) => FIXED
Finally a lot more details and CVEs: https://www.openwall.com/lists/oss-security/2018/09/13/2 Should be enough to justify updating it.
Resolution: FIXED => (none)
Version: Cauldron => 6
Status: RESOLVED => REOPENED
Fedora has issued an advisory for this on October 5: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FELOINZJEHXTJ757WSU4HYL5HWENARJH/ It also lists the CVEs. (They also updated it for older Fedora versions.)
Summary: opensc new security issue possibly fixed upstream in 0.19.0 => opensc new security issues fixed upstream in 0.19.0
It seems that Fedora released an update only for 28 and 29, that's from 0.17.0 to 0.19.0 (major5 -> major6). We have to upgrade from major3 -> major6 and quite a lot of packages depend on opensc-devel, which probably means they would have to be rebuilt too. I'm waiting to see what Debian is gonna do with older versions.
SUSE has issued advisories for this on November 5: http://lists.suse.com/pipermail/sle-security-updates/2018-November/004829.html http://lists.suse.com/pipermail/sle-security-updates/2018-November/004830.html
openSUSE has issued advisories for this on November 10: https://lists.opensuse.org/opensuse-updates/2018-11/msg00040.html https://lists.opensuse.org/opensuse-updates/2018-11/msg00055.html
I have uploaded 0.19.0 to mga6 core/updates_testing.
Assignee: mageia => qa-bugs
Advisory:
========================

Updated opensc packages fix security vulnerabilities:

Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact (CVE-2018-16391).

Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact (CVE-2018-16392).

Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact (CVE-2018-16393).

A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact (CVE-2018-16418).

Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact (CVE-2018-16419).

Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact (CVE-2018-16420).

Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact (CVE-2018-16421).

A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact (CVE-2018-16422).

A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact (CVE-2018-16423).

A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact (CVE-2018-16424).

A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact (CVE-2018-16425).

Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs (CVE-2018-16426).

Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs (CVE-2018-16427).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16392
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16393
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16418
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16419
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16420
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16421
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16422
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16423
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16424
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16425
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16426
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16427
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FELOINZJEHXTJ757WSU4HYL5HWENARJH/
========================

Updated packages in core/updates_testing:
========================
opensc-0.19.0-1.mga6
libopensc6-0.19.0-1.mga6
libsmm-local6-0.19.0-1.mga6
libopensc-devel-0.19.0-1.mga6

from opensc-0.19.0-1.mga6.src.rpm
CC: (none) => mageia
MGA6-32 MATE on IBM Thinkpad R50e
No installation issues
At CLI:
# systemctl start pcscd
# systemctl -l status pcscd
● pcscd.service - PC/SC Smart Card Daemon
   Loaded: loaded (/usr/lib/systemd/system/pcscd.service; indirect; vendor preset: enabled)
   Active: active (running) since ma 2019-01-07 13:24:28 CET; 5s ago
 Main PID: 25345 (pcscd)
   CGroup: /system.slice/pcscd.service
           └─25345 /usr/sbin/pcscd --foreground --auto-exit
Note: pcsc was already installed on this laptop.
Then inserting my eid card in my Vasco eid reader:
$ opensc-explorer
OpenSC Explorer version 0.19.0
Using reader with a card: VASCO DIGIPASS 870 [CCID] 00 00
$ eidenv
Using reader with a card: VASCO DIGIPASS 870 [CCID] 00 00
BELPIC_CARDNUMBER: xxxxx
BELPIC_CHIPNUMBER: yyyyyyyyyy
BELPIC_VALIDFROM: 24.02.2016
BELPIC_VALIDTILL: 24.02.2026
BELPIC_DELIVERINGMUNICIPALITY: Antwerpen
etc .....
Side remark: pcscd does not appear in MCC - System - Services before it was activated above, I think that's not normal, unless this laptop is so slow .....
Update OK for me.
Whiteboard: (none) => MGA6-32-OK
CC: (none) => herman.viaene
Thanks, Herman. Validating & advisoried.
Keywords: (none) => advisory, validated_update
CC: (none) => lewyssmith, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0019.html
Status: REOPENED => RESOLVED
Resolution: (none) => FIXED