Bugzilla – Bug 1158256
VUL-1: CVE-2019-19479: opensc: incorrect read operation during parsing of a SETCOS file attribute
Last modified: 2022-09-20 11:26:03 UTC
CVE-2019-19479
An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute.
References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19479
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-19479.html
The commit that fixes the issue[1] seems to apply to the following codestreams:
SLE11 SLE12 SLE15 SLE15-SP1
Thus, they are tracked as affected. It seems that there is additional information at [2] but currently I do not have access.
[1] https://github.com/OpenSC/OpenSC/commit/c3f23b836e5a1766c36617fe1da30d22f7b63de2#diff-b2dac517a044cf08bbc58f3543aa9582
[2] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18693
| stream                 | patch                              | request |
|------------------------+------------------------------------+---------|
| SUSE:SLE-15-SP1:Update | opensc-0_19_0-CVE-2019-19479.patch | 238388  |
| SUSE:SLE-15:Update     | opensc-0_18_0-CVE-2019-19479.patch | 238394  |
| SUSE:SLE-12:Update     | opensc-0_13_0-CVE-2019-19479.patch | 238395  |
| SUSE:SLE-11:Update     | opensc-0_11_6-CVE-2019-19479.patch | 238396  |
SUSE-SU-2021:0998-1: An update that fixes 6 vulnerabilities is now available.
Category: security (moderate)
Bug References: 1149746,1149747,1158256,1177364,1177378,1177380
CVE References: CVE-2019-15945,CVE-2019-15946,CVE-2019-19479,CVE-2020-26570,CVE-2020-26571,CVE-2020-26572
JIRA References:
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src): opensc-0.13.0-3.11.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:1168-1: An update that fixes 8 vulnerabilities is now available.
Category: security (moderate)
Bug References: 1149746,1149747,1158256,1158307,1170809,1177364,1177378,1177380
CVE References: CVE-2019-15945,CVE-2019-15946,CVE-2019-19479,CVE-2019-19480,CVE-2019-20792,CVE-2020-26570,CVE-2020-26571,CVE-2020-26572
JIRA References:
Sources used:
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): opensc-0.19.0-3.7.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): opensc-0.19.0-3.7.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:0565-1: An update that fixes 8 vulnerabilities is now available.
Category: security (moderate)
Bug References: 1149746,1149747,1158256,1158307,1170809,1177364,1177378,1177380
CVE References: CVE-2019-15945,CVE-2019-15946,CVE-2019-19479,CVE-2019-19480,CVE-2019-20792,CVE-2020-26570,CVE-2020-26571,CVE-2020-26572
JIRA References:
Sources used:
openSUSE Leap 15.2 (src): opensc-0.19.0-lp152.3.3.1
SUSE-SU-2022:1041-1: An update that solves 13 vulnerabilities and has one errata is now available.
Category: security (important)
Bug References: 1114649,1122756,1149746,1149747,1158256,1158305,1170809,1177364,1177378,1177380,1191957,1191992,1192000,1192005
CVE References: CVE-2019-15945,CVE-2019-15946,CVE-2019-19479,CVE-2019-19481,CVE-2019-20792,CVE-2019-6502,CVE-2020-26570,CVE-2020-26571,CVE-2020-26572,CVE-2021-42779,CVE-2021-42780,CVE-2021-42781,CVE-2021-42782
JIRA References:
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src): opensc-0.18.0-150000.3.23.1
SUSE Linux Enterprise Server 15-LTSS (src): opensc-0.18.0-150000.3.23.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src): opensc-0.18.0-150000.3.23.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): opensc-0.18.0-150000.3.23.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Done, closing.