Bug 32036 - opensc new security issue CVE-2023-2977
Summary: opensc new security issue CVE-2023-2977
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2023-06-21 15:42 CEST by David Walser
Modified: 2023-07-07 07:56 CEST

See Also:
Source RPM: opensc-0.22.0-3.mga9.src.rpm
CVE:
Status comment:


Description David Walser 2023-06-21 15:42:46 CEST
Debian-LTS has issued an advisory today (June 21):
https://www.debian.org/lts/security/2023/dla-3463

We should also update Cauldron to 0.23 for the fuzz/coverity fixes.

Mageia 8 is also affected.

David Walser 2023-06-21 15:43:00 CEST

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Patches available from upstream and Debian

Comment 1 David GEIGER 2023-06-22 20:23:02 CEST
Done for both mga8 and cauldron!

freeze_move requested for cauldron.

CC: (none) => geiger.david68210

Comment 2 David GEIGER 2023-06-22 20:25:59 CEST
Packages in 8/Core/Updates_testing:
======================
opensc-0.22.0-1.1.mga8
libopensc-devel-0.22.0-1.1.mga8
libopensc8-0.22.0-1.1.mga8
libsmm-local8-0.22.0-1.1.mga8
lib64opensc-devel-0.22.0-1.1.mga8
lib64opensc8-0.22.0-1.1.mga8
lib64smm-local8-0.22.0-1.1.mga8

From SRPMS:
opensc-0.22.0-1.1.mga8.xsrc.rpm

Comment 3 Lewis Smith 2023-06-22 21:15:00 CEST
Super work yet again, DavidG. Assigning the update to you.

CC: geiger.david68210 => (none)
Assignee: bugsquad => geiger.david68210

David Walser 2023-06-23 00:37:20 CEST

CC: (none) => geiger.david68210
Status comment: Patches available from upstream and Debian => (none)

Comment 4 David GEIGER 2023-06-24 13:20:52 CEST
Assigning to QA.

Assignee: geiger.david68210 => qa-bugs
Whiteboard: MGA8TOO => (none)

Thomas Backlund 2023-06-24 13:22:15 CEST

Version: Cauldron => 8

Comment 5 Herman Viaene 2023-06-26 14:40:25 CEST
MGA8-64 MATE on Acer 5253
No installation issues.
Installed acr38u, pcsclite and beid-middleware and used the command eidenv (from the opensc package) to read my Belgian eID card. Works OK.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene

Comment 6 Thomas Andrews 2023-06-28 15:23:42 CEST
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2023-07-06 23:06:02 CEST

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 7 Mageia Robot 2023-07-07 07:56:35 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0222.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

