{"id":"MGASA-2020-0026","summary":"Updated opensc packages fix security vulnerability","details":"Updated opensc packages fix security vulnerabilities:\n\nsc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory\nleak, as demonstrated by a call from eidenv (CVE-2019-6502).\n\nOpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring\nin decode_bit_string in libopensc/asn1.c (CVE-2019-15945).\n\nOpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet\nstring in asn1_decode_entry in libopensc/asn1.c (CVE-2019-15946).\n\nAn issue was discovered in OpenSC through 0.19.0 and 0.20.x through\n0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during\nparsing of a SETCOS file attribute (CVE-2019-19479).\n\nAn issue was discovered in OpenSC through 0.19.0 and 0.20.x through\n0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in\nsc_pkcs15_decode_prkdf_entry (CVE-2019-19480).\n\nAn issue was discovered in OpenSC through 0.19.0 and 0.20.x through\n0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC\ncertificates (CVE-2019-19481).\n\nThe opensc package has been updated to version 0.20.0, which has fixes for\nthese issues and other improvements.\n","modified":"2026-01-31T23:15:33.538353Z","published":"2020-01-07T21:19:56Z","related":["CVE-2019-15945","CVE-2019-15946","CVE-2019-19479","CVE-2019-19480","CVE-2019-19481","CVE-2019-6502"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0026.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=25975"},{"type":"REPORT","url":"https://github.com/OpenSC/OpenSC/releases/tag/0.20.0"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2019/12/29/1"}],"affected":[{"package":{"name":"opensc","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/opensc?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.20.0-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0026.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}