Scientific Linux Security Update : opensc on SL7.x x86_64

Medium Nessus Plugin ID 128245

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

The following packages have been upgraded to a later upstream version:
opensc (0.19.0).

Security Fix(es) :

- opensc: Buffer overflows handling responses from Muscle Cards in card- muscle.c:muscle_list_files() (CVE-2018-16391)

- opensc: Buffer overflows handling responses from TCOS Cards in card- tcos.c:tcos_select_file() (CVE-2018-16392)

- opensc: Buffer overflows handling responses from Gemsafe V1 Smartcards in pkcs15-gemsafeV1.c:gemsafe_get_cert_len() (CVE-2018-16393)

- opensc: Buffer overflow handling string concatention in tools/util.c:util_acl_to_str() (CVE-2018-16418)

- opensc: Buffer overflow handling responses from Cryptoflex cards in cryptoflex-tool.c:read_public_key() (CVE-2018-16419)

- opensc: Buffer overflows handling responses from ePass 2003 Cards in card-epass2003.c:decrypt_response() (CVE-2018-16420)

- opensc: Buffer overflows handling responses from CAC Cards in card- cac.c:cac_get_serial_nr_from_CUID() (CVE-2018-16421)

- opensc: Buffer overflow handling responses from esteid cards in pkcs15-esteid.c:sc_pkcs15emu_esteid_init() (CVE-2018-16422)

- opensc: Double free handling responses from smartcards in libopensc/sc.c:sc_file_set_sec_attr() (CVE-2018-16423)

- opensc: Out of bounds reads handling responses from smartcards (CVE-2018-16427)

- opensc: Infinite recusrion handling responses from IAS-ECC cards in card-iasecc.c:iasecc_select_file() (CVE-2018-16426)

Solution

Update the affected opensc and / or opensc-debuginfo packages.

See Also

http://www.nessus.org/u?690bc3a0

Plugin Details

Severity: Medium

ID: 128245

File Name: sl_20190806_opensc_on_SL7_x.nasl

Version: 1.1

Type: local

Agent: unix

Published: 2019/08/27

Updated: 2019/08/27

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS v3.0

Base Score: 6.8

Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 2019/08/06

Vulnerability Publication Date: 2018/09/03

Reference Information

CVE: CVE-2018-16391, CVE-2018-16392, CVE-2018-16393, CVE-2018-16418, CVE-2018-16419, CVE-2018-16420, CVE-2018-16421, CVE-2018-16422, CVE-2018-16423, CVE-2018-16426, CVE-2018-16427