Red Hat Product Errata RHSA-2019:2154 - Security Advisory
Issued: 2019-08-06
Updated: 2019-08-06

Synopsis

Moderate: opensc security, bug fix, and enhancement update

Type/Severity

Security Advisory: Moderate

Topic

An update for opensc is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures.

The following packages have been upgraded to a later upstream version: opensc (0.19.0). (BZ#1656791)

Security Fix(es):

  • opensc: Buffer overflows handling responses from Muscle Cards in card-muscle.c:muscle_list_files() (CVE-2018-16391)
  • opensc: Buffer overflows handling responses from TCOS Cards in card-tcos.c:tcos_select_file() (CVE-2018-16392)
  • opensc: Buffer overflows handling responses from Gemsafe V1 Smartcards in pkcs15-gemsafeV1.c:gemsafe_get_cert_len() (CVE-2018-16393)
  • opensc: Buffer overflow handling string concatenation in tools/util.c:util_acl_to_str() (CVE-2018-16418)
  • opensc: Buffer overflow handling responses from Cryptoflex cards in cryptoflex-tool.c:read_public_key() (CVE-2018-16419)
  • opensc: Buffer overflows handling responses from ePass 2003 Cards in card-epass2003.c:decrypt_response() (CVE-2018-16420)
  • opensc: Buffer overflows handling responses from CAC Cards in card-cac.c:cac_get_serial_nr_from_CUID() (CVE-2018-16421)
  • opensc: Buffer overflow handling responses from esteid cards in pkcs15-esteid.c:sc_pkcs15emu_esteid_init() (CVE-2018-16422)
  • opensc: Double free handling responses from smartcards in libopensc/sc.c:sc_file_set_sec_attr() (CVE-2018-16423)
  • opensc: Out-of-bounds reads handling responses from smartcards (CVE-2018-16427)
  • opensc: Infinite recursion handling responses from IAS-ECC cards in card-iasecc.c:iasecc_select_file() (CVE-2018-16426)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258
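A practitioner's check for this advisory, added here and not Red Hat's own tooling: a Python script that decides whether an installed opensc build (the NEVRA string printed by `rpm -q opensc`) is at or past opensc-0.19.0-3.el7 using rpm's version ordering rather than a string compare, and that checks a downloaded package against the SHA-256 digests listed under Updated Packages. The fixed version-release and the digests are copied from this advisory (only the x86_64 entries are included); the older NEVRA strings used as input in the tests are constructed examples, not output from a real host.

```python
"""Check an installed opensc package against the RHSA-2019:2154 fix and verify
a downloaded RPM against the digests the advisory lists.  Added example, not
Red Hat tooling: FIXED_VR and ADVISORY_SHA256 are copied from the advisory text;
any NEVRA strings passed in are constructed sample input."""
import hashlib
import hmac
import re

FIXED_NAMES = {"opensc", "opensc-debuginfo"}
FIXED_VR = "0.19.0-3.el7"  # version-release of the fixed RHEL 7 build

# x86_64 digests as listed in the advisory (ppc/ppc64le entries omitted here).
ADVISORY_SHA256 = {
    "opensc-0.19.0-3.el7.src.rpm":
        "466864c147fa9747e2137b2137df7300b7166ea811224eb9cd7b8890d5f7cd0c",
    "opensc-0.19.0-3.el7.x86_64.rpm":
        "b5d8b7c0652808142c14723334e2542fd0885d15ac74a5bbca0ae3b375d6c33d",
    "opensc-debuginfo-0.19.0-3.el7.x86_64.rpm":
        "8e5de8e536a30027f5978ca5fc0d90d8c481c5efdaa777af9535cfb88c1397d5",
}

# name-[epoch:]version-release.arch, as printed by `rpm -q opensc`
NEVRA_RE = re.compile(
    r"^(?P<name>.+)-(?:(?P<epoch>\d+):)?(?P<version>[^-]+)-(?P<release>[^-]+)"
    r"\.(?P<arch>[^.]+)$")


def rpmvercmp(a, b):
    """rpm's segment-wise ordering (caret handling omitted): digit runs compare
    numerically, alpha runs lexically, a digit run outranks an alpha run, and
    '~' sorts before anything (1.0~rc1 < 1.0).  Returns -1, 0 or 1."""
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not (a[i].isalnum() or a[i] == "~"):
            i += 1                                  # skip separators
        while j < len(b) and not (b[j].isalnum() or b[j] == "~"):
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if ca == "~" or cb == "~":
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        kind = str.isdigit if ca.isdigit() else str.isalpha
        ea, eb = i, j
        while ea < len(a) and kind(a[ea]):
            ea += 1
        while eb < len(b) and kind(b[eb]):
            eb += 1
        sa, sb = a[i:ea], b[j:eb]
        if not sb:                                  # mixed segment types
            return 1 if ca.isdigit() else -1
        if ca.isdigit():
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):                  # more digits = bigger
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
        i, j = ea, eb
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def compare_evr(x, y):
    """Compare '[epoch:]version-release' strings; epoch defaults to 0."""
    def split(s):
        epoch, _, rest = s.rpartition(":")
        version, _, release = rest.partition("-")
        return int(epoch or 0), version, release
    ex, vx, rx = split(x)
    ey, vy, ry = split(y)
    if ex != ey:
        return 1 if ex > ey else -1
    return rpmvercmp(vx, vy) or rpmvercmp(rx, ry)


def has_fix(nevra):
    """True if the installed build is at or past the fixed one.  A plain string
    compare would rank 0.19.0-10.el7 below 0.19.0-3.el7; rpm ordering does not."""
    m = NEVRA_RE.match(nevra)
    if not m or m["name"] not in FIXED_NAMES:
        raise ValueError(f"not an opensc package from this advisory: {nevra}")
    installed = f"{m['epoch'] or 0}:{m['version']}-{m['release']}"
    return compare_evr(installed, f"0:{FIXED_VR}") >= 0


def verify_rpm_bytes(filename, data):
    """Compare a downloaded package's SHA-256 with the advisory digest.  This
    catches a corrupted or substituted download; it does not replace `rpm -K`,
    which checks Red Hat's GPG signature on the package."""
    expected = ADVISORY_SHA256.get(filename)
    if expected is None:
        raise KeyError(f"{filename} is not listed in RHSA-2019:2154")
    return hmac.compare_digest(hashlib.sha256(data).hexdigest(), expected)
```

Feed `has_fix()` the exact string `rpm -q opensc` prints on the host; a release such as 0.19.0-3.el7_9 or a later rebuild still counts as fixed, and an epoch, if one is ever present, takes precedence over version and release. Because Red Hat backports fixes, the upstream version number alone says nothing about other RHEL releases: compare against the package the advisory for that release names, not against 0.19.0. The digest check only confirms you downloaded the bytes Red Hat published for this advisory; the GPG signature check (`rpm -K`) is what ties the package to Red Hat's signing key.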

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

  • BZ - 1627998 - CVE-2018-16391 opensc: Buffer overflows handling responses from Muscle Cards in card-muscle.c:muscle_list_files()
  • BZ - 1628002 - CVE-2018-16392 opensc: Buffer overflows handling responses from TCOS Cards in card-tcos.c:tcos_select_file()
  • BZ - 1628006 - CVE-2018-16393 opensc: Buffer overflows handling responses from Gemsafe V1 Smartcards in pkcs15-gemsafeV1.c:gemsafe_get_cert_len()
  • BZ - 1628010 - CVE-2018-16418 opensc: Buffer overflow handling string concatenation in tools/util.c:util_acl_to_str()
  • BZ - 1628013 - CVE-2018-16419 opensc: Buffer overflow handling responses from Cryptoflex cards in cryptoflex-tool.c:read_public_key()
  • BZ - 1628016 - CVE-2018-16422 opensc: Buffer overflow handling responses from esteid cards in pkcs15-esteid.c:sc_pkcs15emu_esteid_init()
  • BZ - 1628020 - CVE-2018-16423 opensc: Double free handling responses from smartcards in libopensc/sc.c:sc_file_set_sec_attr()
  • BZ - 1628026 - CVE-2018-16420 opensc: Buffer overflows handling responses from ePass 2003 Cards in card-epass2003.c:decrypt_response()
  • BZ - 1628034 - CVE-2018-16421 opensc: Buffer overflows handling responses from CAC Cards in card-cac.c:cac_get_serial_nr_from_CUID()
  • BZ - 1628044 - CVE-2018-16426 opensc: Infinite recursion handling responses from IAS-ECC cards in card-iasecc.c:iasecc_select_file()
  • BZ - 1628052 - CVE-2018-16427 opensc: Out-of-bounds reads handling responses from smartcards
  • BZ - 1656791 - Rebase to latest OpenSC 0.19.0
  • BZ - 1672898 - CKR_KEY_TYPE_INCONSISTENT while doing ssh using sssd smart card

CVEs

  • CVE-2018-16391
  • CVE-2018-16392
  • CVE-2018-16393
  • CVE-2018-16418
  • CVE-2018-16419
  • CVE-2018-16420
  • CVE-2018-16421
  • CVE-2018-16422
  • CVE-2018-16423
  • CVE-2018-16426
  • CVE-2018-16427

References

  • https://access.redhat.com/security/updates/classification/#moderate
  • https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index

Updated Packages

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux Server 7, Workstation 7, Desktop 7, and Red Hat Enterprise Linux for Scientific Computing 7 (same package set for all four)

SRPM
opensc-0.19.0-3.el7.src.rpm SHA-256: 466864c147fa9747e2137b2137df7300b7166ea811224eb9cd7b8890d5f7cd0c
x86_64
opensc-0.19.0-3.el7.i686.rpm SHA-256: 3482d6577b88aa5a8cc26e5b0ec36c4e8ac5a872953cd92855cbe00399703d46
opensc-0.19.0-3.el7.x86_64.rpm SHA-256: b5d8b7c0652808142c14723334e2542fd0885d15ac74a5bbca0ae3b375d6c33d
opensc-debuginfo-0.19.0-3.el7.i686.rpm SHA-256: edef5dcae39f33727c2572d956d8e3b01d63db2b3877cb595da103d909cad7ae
opensc-debuginfo-0.19.0-3.el7.x86_64.rpm SHA-256: 8e5de8e536a30027f5978ca5fc0d90d8c481c5efdaa777af9535cfb88c1397d5

Red Hat Enterprise Linux for Power, big endian 7

SRPM
opensc-0.19.0-3.el7.src.rpm SHA-256: 466864c147fa9747e2137b2137df7300b7166ea811224eb9cd7b8890d5f7cd0c
ppc64
opensc-0.19.0-3.el7.ppc.rpm SHA-256: 50bf8084fb19b44bdafcc756b57a0ea4cdd0d205e71a60cdb69021f793b9bf93
opensc-0.19.0-3.el7.ppc64.rpm SHA-256: 241f56015869eae7b0f978bd93479d6ec2a800f5ebd727fae0f78604964aa72d
opensc-debuginfo-0.19.0-3.el7.ppc.rpm SHA-256: ece764b29ebe2b89ea36767bbdfe850e47e3ea03f956e255f23351a25f508ddb
opensc-debuginfo-0.19.0-3.el7.ppc64.rpm SHA-256: bf0f4789f484be7aa5e61c6a0a64890c17c9eda42657852642aba1334fb70b5f

Red Hat Enterprise Linux for Power, little endian 7

SRPM
opensc-0.19.0-3.el7.src.rpm SHA-256: 466864c147fa9747e2137b2137df7300b7166ea811224eb9cd7b8890d5f7cd0c
ppc64le
opensc-0.19.0-3.el7.ppc64le.rpm SHA-256: 887f1c8c88a63de36b58d6f59851688d42e17fd4d4940fc6a404cad59e155371
opensc-debuginfo-0.19.0-3.el7.ppc64le.rpm SHA-256: b89ac5bdfc84556a07623a982cf0e140e474ee758e603c20df4d8cc437f5111d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
