RHSA-2019:2154 - Security Advisory

Issued: 2019-08-06
Updated: 2019-08-06

Synopsis

Moderate: opensc security, bug fix, and enhancement update

Type/Severity

Security Advisory: Moderate

Topic

An update for opensc is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures.

The following packages have been upgraded to a later upstream version: opensc (0.19.0). (BZ#1656791)

Security Fix(es):

  • opensc: Buffer overflows handling responses from Muscle Cards in card-muscle.c:muscle_list_files() (CVE-2018-16391)
  • opensc: Buffer overflows handling responses from TCOS Cards in card-tcos.c:tcos_select_file() (CVE-2018-16392)
  • opensc: Buffer overflows handling responses from Gemsafe V1 Smartcards in pkcs15-gemsafeV1.c:gemsafe_get_cert_len() (CVE-2018-16393)
  • opensc: Buffer overflow handling string concatenation in tools/util.c:util_acl_to_str() (CVE-2018-16418)
  • opensc: Buffer overflow handling responses from Cryptoflex cards in cryptoflex-tool.c:read_public_key() (CVE-2018-16419)
  • opensc: Buffer overflows handling responses from ePass 2003 Cards in card-epass2003.c:decrypt_response() (CVE-2018-16420)
  • opensc: Buffer overflows handling responses from CAC Cards in card-cac.c:cac_get_serial_nr_from_CUID() (CVE-2018-16421)
  • opensc: Buffer overflow handling responses from esteid cards in pkcs15-esteid.c:sc_pkcs15emu_esteid_init() (CVE-2018-16422)
  • opensc: Double free handling responses from smartcards in libopensc/sc.c:sc_file_set_sec_attr() (CVE-2018-16423)
  • opensc: Out of bounds reads handling responses from smartcards (CVE-2018-16427)
  • opensc: Infinite recursion handling responses from IAS-ECC cards in card-iasecc.c:iasecc_select_file() (CVE-2018-16426)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le

Fixes

  • BZ - 1627998 - CVE-2018-16391 opensc: Buffer overflows handling responses from Muscle Cards in card-muscle.c:muscle_list_files()
  • BZ - 1628002 - CVE-2018-16392 opensc: Buffer overflows handling responses from TCOS Cards in card-tcos.c:tcos_select_file()
  • BZ - 1628006 - CVE-2018-16393 opensc: Buffer overflows handling responses from Gemsafe V1 Smartcards in pkcs15-gemsafeV1.c:gemsafe_get_cert_len()
  • BZ - 1628010 - CVE-2018-16418 opensc: Buffer overflow handling string concatenation in tools/util.c:util_acl_to_str()
  • BZ - 1628013 - CVE-2018-16419 opensc: Buffer overflow handling responses from Cryptoflex cards in cryptoflex-tool.c:read_public_key()
  • BZ - 1628016 - CVE-2018-16422 opensc: Buffer overflow handling responses from esteid cards in pkcs15-esteid.c:sc_pkcs15emu_esteid_init()
  • BZ - 1628020 - CVE-2018-16423 opensc: Double free handling responses from smartcards in libopensc/sc.c:sc_file_set_sec_attr()
  • BZ - 1628026 - CVE-2018-16420 opensc: Buffer overflows handling responses from ePass 2003 Cards in card-epass2003.c:decrypt_response()
  • BZ - 1628034 - CVE-2018-16421 opensc: Buffer overflows handling responses from CAC Cards in card-cac.c:cac_get_serial_nr_from_CUID()
  • BZ - 1628044 - CVE-2018-16426 opensc: Infinite recursion handling responses from IAS-ECC cards in card-iasecc.c:iasecc_select_file()
  • BZ - 1628052 - CVE-2018-16427 opensc: Out of bounds reads handling responses from smartcards
  • BZ - 1656791 - Rebase to latest OpenSC 0.19.0
  • BZ - 1672898 - CKR_KEY_TYPE_INCONSISTENT while doing ssh using sssd smart card

CVEs

  • CVE-2018-16391
  • CVE-2018-16392
  • CVE-2018-16393
  • CVE-2018-16418
  • CVE-2018-16419
  • CVE-2018-16420
  • CVE-2018-16421
  • CVE-2018-16422
  • CVE-2018-16423
  • CVE-2018-16426
  • CVE-2018-16427

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index

Updated Packages

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux Server 7

SRPM
opensc-0.19.0-3.el7.src.rpm SHA-256: 466864c147fa9747e2137b2137df7300b7166ea811224eb9cd7b8890d5f7cd0c
x86_64
opensc-0.19.0-3.el7.i686.rpm SHA-256: 3482d6577b88aa5a8cc26e5b0ec36c4e8ac5a872953cd92855cbe00399703d46
opensc-0.19.0-3.el7.x86_64.rpm SHA-256: b5d8b7c0652808142c14723334e2542fd0885d15ac74a5bbca0ae3b375d6c33d
opensc-debuginfo-0.19.0-3.el7.i686.rpm SHA-256: edef5dcae39f33727c2572d956d8e3b01d63db2b3877cb595da103d909cad7ae
opensc-debuginfo-0.19.0-3.el7.x86_64.rpm SHA-256: 8e5de8e536a30027f5978ca5fc0d90d8c481c5efdaa777af9535cfb88c1397d5

Red Hat Enterprise Linux for Power, big endian 7

SRPM
opensc-0.19.0-3.el7.src.rpm SHA-256: 466864c147fa9747e2137b2137df7300b7166ea811224eb9cd7b8890d5f7cd0c
ppc64
opensc-0.19.0-3.el7.ppc.rpm SHA-256: 50bf8084fb19b44bdafcc756b57a0ea4cdd0d205e71a60cdb69021f793b9bf93
opensc-0.19.0-3.el7.ppc64.rpm SHA-256: 241f56015869eae7b0f978bd93479d6ec2a800f5ebd727fae0f78604964aa72d
opensc-debuginfo-0.19.0-3.el7.ppc.rpm SHA-256: ece764b29ebe2b89ea36767bbdfe850e47e3ea03f956e255f23351a25f508ddb
opensc-debuginfo-0.19.0-3.el7.ppc64.rpm SHA-256: bf0f4789f484be7aa5e61c6a0a64890c17c9eda42657852642aba1334fb70b5f

Red Hat Enterprise Linux for Power, little endian 7

SRPM
opensc-0.19.0-3.el7.src.rpm SHA-256: 466864c147fa9747e2137b2137df7300b7166ea811224eb9cd7b8890d5f7cd0c
ppc64le
opensc-0.19.0-3.el7.ppc64le.rpm SHA-256: 887f1c8c88a63de36b58d6f59851688d42e17fd4d4940fc6a404cad59e155371
opensc-debuginfo-0.19.0-3.el7.ppc64le.rpm SHA-256: b89ac5bdfc84556a07623a982cf0e140e474ee758e603c20df4d8cc437f5111d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
