vuln-list-alt/oval/p11/ALT-PU-2018-2326/definitions.json
2024-12-12 21:07:30 +00:00

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20182326",
"Version": "oval:org.altlinux.errata:def:20182326",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2018-2326: package `opensc` update to version 0.19.0-alt2.rc1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2018-2326",
"RefURL": "https://errata.altlinux.org/ALT-PU-2018-2326",
"Source": "ALTPU"
},
{
"RefID": "CVE-2018-16391",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-16391",
"Source": "CVE"
},
{
"RefID": "CVE-2018-16392",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-16392",
"Source": "CVE"
},
{
"RefID": "CVE-2018-16393",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-16393",
"Source": "CVE"
},
{
"RefID": "CVE-2018-16418",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-16418",
"Source": "CVE"
},
{
"RefID": "CVE-2018-16419",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-16419",
"Source": "CVE"
},
{
"RefID": "CVE-2018-16420",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-16420",
"Source": "CVE"
},
{
"RefID": "CVE-2018-16421",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-16421",
"Source": "CVE"
},
{
"RefID": "CVE-2018-16422",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-16422",
"Source": "CVE"
},
{
"RefID": "CVE-2018-16423",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-16423",
"Source": "CVE"
},
{
"RefID": "CVE-2018-16424",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-16424",
"Source": "CVE"
},
{
"RefID": "CVE-2018-16425",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-16425",
"Source": "CVE"
},
{
"RefID": "CVE-2018-16426",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-16426",
"Source": "CVE"
},
{
"RefID": "CVE-2018-16427",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-16427",
"Source": "CVE"
}
],
"Description": "This update upgrades opensc to version 0.19.0-alt2.rc1. \nSecurity Fix(es):\n\n * CVE-2018-16391: Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.\n\n * CVE-2018-16392: Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.\n\n * CVE-2018-16393: Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.\n\n * CVE-2018-16418: A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.\n\n * CVE-2018-16419: Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.\n\n * CVE-2018-16420: Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.\n\n * CVE-2018-16421: Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.\n\n * CVE-2018-16422: A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.\n\n * CVE-2018-16423: A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.\n\n * CVE-2018-16424: A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.\n\n * CVE-2018-16425: A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.\n\n * CVE-2018-16426: Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs.\n\n * CVE-2018-16427: Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Low",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2018-09-15"
},
"Updated": {
"Date": "2018-09-15"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2018-16391",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-16391",
"Impact": "Low",
"Public": "20180903"
},
{
"ID": "CVE-2018-16392",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-16392",
"Impact": "Low",
"Public": "20180903"
},
{
"ID": "CVE-2018-16393",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-16393",
"Impact": "Low",
"Public": "20180903"
},
{
"ID": "CVE-2018-16418",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-16418",
"Impact": "Low",
"Public": "20180904"
},
{
"ID": "CVE-2018-16419",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-16419",
"Impact": "Low",
"Public": "20180904"
},
{
"ID": "CVE-2018-16420",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-16420",
"Impact": "Low",
"Public": "20180904"
},
{
"ID": "CVE-2018-16421",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-16421",
"Impact": "Low",
"Public": "20180904"
},
{
"ID": "CVE-2018-16422",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-16422",
"Impact": "Low",
"Public": "20180904"
},
{
"ID": "CVE-2018-16423",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-415",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-16423",
"Impact": "Low",
"Public": "20180904"
},
{
"ID": "CVE-2018-16424",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-415",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-16424",
"Impact": "Low",
"Public": "20180904"
},
{
"ID": "CVE-2018-16425",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-415",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-16425",
"Impact": "Low",
"Public": "20180904"
},
{
"ID": "CVE-2018-16426",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-674",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-16426",
"Impact": "Low",
"Public": "20180904"
},
{
"ID": "CVE-2018-16427",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-16427",
"Impact": "Low",
"Public": "20180904"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20182326001",
"Comment": "libopensc is earlier than 0:0.19.0-alt2.rc1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182326002",
"Comment": "libopensc-devel is earlier than 0:0.19.0-alt2.rc1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20182326003",
"Comment": "opensc is earlier than 0:0.19.0-alt2.rc1"
}
]
}
]
}
}
]
}