{"affected":[{"ecosystem_specific":{"binaries":[{"opensc":"0.18.0-3.8.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15","name":"opensc","purl":"pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.18.0-3.8.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for opensc fixes the following security issues:\n\n- CVE-2018-16391: Fixed a denial of service when handling responses from a Muscle Card (bsc#1106998)\n- CVE-2018-16392: Fixed a denial of service when handling responses from a TCOS Card (bsc#1106999)\n- CVE-2018-16393: Fixed buffer overflows when handling responses from Gemsafe V1 Smartcards (bsc#1108318)\n- CVE-2018-16418: Fixed buffer overflow when handling string concatenation in util_acl_to_str (bsc#1107039)\n- CVE-2018-16419: Fixed several buffer overflows when handling responses from a Cryptoflex card (bsc#1107107)\n- CVE-2018-16420: Fixed buffer overflows when handling responses from an ePass 2003 Card (bsc#1107097)\n- CVE-2018-16421: Fixed buffer overflows when handling responses from a CAC Card (bsc#1107049)\n- CVE-2018-16422: Fixed single byte buffer overflow when handling responses from an esteid Card (bsc#1107038)\n- CVE-2018-16423: Fixed double free when handling responses from a smartcard (bsc#1107037)\n- CVE-2018-16424: Fixed double free when handling responses in read_file (bsc#1107036)\n- CVE-2018-16425: Fixed double free when handling responses from an HSM Card (bsc#1107035)\n- CVE-2018-16426: Fixed endless recursion when handling responses from an IAS-ECC card (bsc#1107034)\n- CVE-2018-16427: Fixed out of bounds reads when handling responses in OpenSC (bsc#1107033)\n\n","id":"SUSE-SU-2018:3629-1","modified":"2018-11-05T16:57:43Z","published":"2018-11-05T16:57:43Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20183629-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1104812"},{"type":"REPORT","url":"https://bugzilla.suse.com/1106998"},{"type":"REPORT","url":"https://bugzilla.suse.com/1106999"},{"type":"REPORT","url":"https://bugzilla.suse.com/1107033"},{"type":"REPORT","url":"https://bugzilla.suse.com/1107034"},{"type":"REPORT","url":"https://bugzilla.suse.com/1107035"},{"type":"REPORT","url":"https://bugzilla.suse.com/1107036"},{"type":"REPORT","url":"https://bugzilla.suse.com/1107037"},{"type":"REPORT","url":"https://bugzilla.suse.com/1107038"},{"type":"REPORT","url":"https://bugzilla.suse.com/1107039"},{"type":"REPORT","url":"https://bugzilla.suse.com/1107049"},{"type":"REPORT","url":"https://bugzilla.suse.com/1107097"},{"type":"REPORT","url":"https://bugzilla.suse.com/1107107"},{"type":"REPORT","url":"https://bugzilla.suse.com/1108318"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-16391"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-16392"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-16393"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-16418"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-16419"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-16420"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-16421"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-16422"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-16423"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-16424"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-16425"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-16426"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-16427"}],"related":["CVE-2018-16391","CVE-2018-16392","CVE-2018-16393","CVE-2018-16418","CVE-2018-16419","CVE-2018-16420","CVE-2018-16421","CVE-2018-16422","CVE-2018-16423","CVE-2018-16424","CVE-2018-16425","CVE-2018-16426","CVE-2018-16427"],"summary":"Security update for opensc","upstream":["CVE-2018-16391","CVE-2018-16392","CVE-2018-16393","CVE-2018-16418","CVE-2018-16419","CVE-2018-16420","CVE-2018-16421","CVE-2018-16422","CVE-2018-16423","CVE-2018-16424","CVE-2018-16425","CVE-2018-16426","CVE-2018-16427"]}