{"affected":[{"ecosystem_specific":{"binaries":[{"opensc":"0.22.0-150400.3.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.3","name":"opensc","purl":"pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Micro%205.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.22.0-150400.3.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"opensc":"0.22.0-150400.3.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.4","name":"opensc","purl":"pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Micro%205.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.22.0-150400.3.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"opensc":"0.22.0-150400.3.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.5","name":"opensc","purl":"pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Micro%205.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.22.0-150400.3.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"opensc":"0.22.0-150400.3.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP4","name":"opensc","purl":"pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.22.0-150400.3.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"opensc":"0.22.0-150400.3.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP5","name":"opensc","purl":"pkg:rpm/suse/opensc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.22.0-150400.3.6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for opensc fixes the following issues:\n\n- CVE-2023-40660: Fixed a PIN bypass that could be triggered when\n  cards tracked their own login state (bsc#1215762).\n- CVE-2023-40661: Fixed several memory safety issues that could happen\n  during the card enrollment process using pkcs15-init (bsc#1215761).\n","id":"SUSE-SU-2023:4089-1","modified":"2023-10-16T11:17:46Z","published":"2023-10-16T11:17:46Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2023/suse-su-20234089-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1215761"},{"type":"REPORT","url":"https://bugzilla.suse.com/1215762"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-40660"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-40661"}],"related":["CVE-2023-40660","CVE-2023-40661"],"summary":"Security update for opensc","upstream":["CVE-2023-40660","CVE-2023-40661"]}