RedHat has issued an advisory on February 26: https://lwn.net/Articles/963644/ Mageia 9 is also affected.
Whiteboard: (none) => MGA9TOOCVE: (none) => CVE-2023-5992Status comment: (none) => Fixed upstream in 0.25.0Source RPM: (none) => opensc-0.22.0-3.mga9.src.rpm
Another reference: https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992 The following pull request fixes the issue: https://github.com/OpenSC/OpenSC/pull/2948
No one obvious packager for this, so assigning the security update globally.
Assignee: bugsquad => pkg-bugs
Version: Cauldron => 9Whiteboard: MGA9TOO => (none)
Suggested advisory: ======================== The updated packages fix a security vulnerability: Side-channel leaks while stripping encryption PKCS#1.5 padding in OpenSC. (CVE-2023-5992) References: https://lwn.net/Articles/963644/ https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992 ======================== Updated packages in core/updates_testing: ======================== lib(64)opensc11-0.25.0-1.mga9 lib(64)opensc-devel-0.25.0-1.mga9 lib(64)smm-local11-0.25.0-1.mga9 opensc-0.25.0-1.mga9 from SRPM: opensc-0.25.0-1.mga9.src.rpm
Status comment: Fixed upstream in 0.25.0 => (none)Status: NEW => ASSIGNEDAssignee: pkg-bugs => qa-bugs
MGA9-64 Plasma Wayland on HP-Pavillion No installation issues, installed Belgian eid software as well. Running eidenv command from opensc: $ eidenv Using reader with a card: VASCO DIGIPASS 870 [CCID] 00 00 BELPIC_CARDNUMBER: xxxxxxxx BELPIC_CHIPNUMBER: yyyyyyyyyyyyyyyyyyyyyyy etc....... Running Belgian eid-viewer displays data and picture from eid-card correctly. Added Belgium eid extension to Firefox and configured its security device, then I could login into government site demanding authentication via eid-card. All works OK.
Whiteboard: (none) => MGA9-64-OKCC: (none) => herman.viaene
Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0101.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED