Updated opensc packages fix security vulnerabilities
Publication date: 13 Mar 2025Modification date: 13 Mar 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-8443 , CVE-2024-45615 , CVE-2024-45616 , CVE-2024-45617 , CVE-2024-45618 , CVE-2024-45619 , CVE-2024-45620
Description
Heap buffer overflow in openpgp driver when generating key.
(CVE-2024-8443)
Usage of uninitialized values in libopensc and pkcs15init.
(CVE-2024-45615)
Uninitialized values after incorrect check or usage of apdu response
values in libopensc. (CVE-2024-45616)
Uninitialized values after incorrect or missing checking return values
of functions in libopensc. (CVE-2024-45617)
Uninitialized values after incorrect or missing checking return values
of functions in pkcs15init. (CVE-2024-45618)
Incorrect handling length of buffers or files in libopensc.
(CVE-2024-45619)
Incorrect handling of the length of buffers or files in pkcs15init.
(CVE-2024-45620)
References
- https://bugs.mageia.org/show_bug.cgi?id=34087
- https://ubuntu.com/security/notices/USN-7346-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8443
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45615
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45616
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45617
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45618
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45619
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45620
SRPMS
9/core
- opensc-0.25.0-1.1.mga9