First Last Prev Next    This bug is not in your last search results.
Bug 1122756 - (CVE-2019-6502) VUL-1: CVE-2019-6502: opensc: memory leak in sc_context_create in ctx.c
(CVE-2019-6502)
VUL-1: CVE-2019-6502: opensc: memory leak in sc_context_create in ctx.c
Status: IN_PROGRESS
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/223520/
ibs:running:11155:moderate CVSSv3:SUS...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-01-22 11:51 UTC by Alexander Bergmann
Modified: 2022-11-23 17:23 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2019-01-22 11:51:36 UTC 
CVE-2019-6502

sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as
demonstrated by a call from eidenv.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6502
https://github.com/OpenSC/OpenSC/issues/1586
Comment 1 Markéta Machová 2019-04-01 08:29:14 UTC 
Upstream maintainers have probably fixed it: https://github.com/OpenSC/OpenSC/commit/0d7967549751b7032f22b437106b41444aff0ba9. But it looks like they are not sure themselves.
Comment 4 Markéta Machová 2019-05-03 10:17:20 UTC 
and SLE11: https://build.suse.de/request/show/191922
SLE10SP3 is not affected by this bug. Reassigning back to security team.
Comment 5 Swamp Workflow Management 2020-11-03 14:36:48 UTC 
SUSE-SU-2020:3133-1: An update that fixes one vulnerability is now available.

Category: security (low)
Bug References: 1122756
CVE References: CVE-2019-6502
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    opensc-0.13.0-3.6.27

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Swamp Workflow Management 2022-03-30 19:28:02 UTC 
SUSE-SU-2022:1041-1: An update that solves 13 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1114649,1122756,1149746,1149747,1158256,1158305,1170809,1177364,1177378,1177380,1191957,1191992,1192000,1192005
CVE References: CVE-2019-15945,CVE-2019-15946,CVE-2019-19479,CVE-2019-19481,CVE-2019-20792,CVE-2019-6502,CVE-2020-26570,CVE-2020-26571,CVE-2020-26572,CVE-2021-42779,CVE-2021-42780,CVE-2021-42781,CVE-2021-42782
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    opensc-0.18.0-150000.3.23.1
SUSE Linux Enterprise Server 15-LTSS (src):    opensc-0.18.0-150000.3.23.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    opensc-0.18.0-150000.3.23.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    opensc-0.18.0-150000.3.23.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 22 Swamp Workflow Management 2022-11-23 17:23:17 UTC 
SUSE-SU-2022:4196-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1122756
CVE References: CVE-2019-6502
JIRA References: 
Sources used:
openSUSE Leap Micro 5.2 (src):    opensc-0.19.0-150100.3.19.1
openSUSE Leap 15.3 (src):    opensc-0.19.0-150100.3.19.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    opensc-0.19.0-150100.3.19.1
SUSE Linux Enterprise Micro 5.2 (src):    opensc-0.19.0-150100.3.19.1
SUSE Linux Enterprise Micro 5.1 (src):    opensc-0.19.0-150100.3.19.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
First Last Prev Next    This bug is not in your last search results.