
Bug 945083 (CVE-2024-45615, CVE-2024-45616, CVE-2024-45617, CVE-2024-45618, CVE-2024-45619, CVE-2024-45620, CVE-2024-8443)

Summary: <dev-libs/opensc-0.26.0: Multiple vulnerabilities
Product: Gentoo Security
Reporter: Sam James <sam>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: IN_PROGRESS
Severity: normal
CC: soap
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B3 [glsa? cleanup]
Package list:
Runtime testing required: ---
Bug Depends on: 945131    
Bug Blocks:    

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-11-27 06:57:02 UTC
```
-# New in 0.25.0; 2024-04-05
+# New in 0.26.0; 2024-11-13
+
+## Security
+* CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init (#3225)
+* CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc (#3225)
+* CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc (#3225)
+* CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init (#3225)
+* CVE-2024-45619: Incorrect handling length of buffers or files in libopensc (#3225)
+* CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init (#3225)
+* CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key (#3219)
+
[...]
```
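Review bot: the CVE-2024-45619 entry reads "Incorrect handling length of buffers or files" while the otherwise parallel CVE-2024-45620 entry reads "Incorrect handling of the length of buffers or files"; use the second wording in both so the two lines differ only in the affected component (libopensc vs pkcs15init).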
Comment 1 Larry the Git Cow gentoo-dev 2024-11-27 07:12:58 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1e91dd30198e2f15b4c62ce7c4e3112ec858733e

commit 1e91dd30198e2f15b4c62ce7c4e3112ec858733e
Author:     Mario Haustein <mario.haustein@hrz.tu-chemnitz.de>
AuthorDate: 2024-11-24 16:50:51 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-11-27 06:57:17 +0000

    dev-libs/opensc: add 0.26.0
    
    Bug: https://bugs.gentoo.org/945083
    Signed-off-by: Mario Haustein <mario.haustein@hrz.tu-chemnitz.de>
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/opensc/Manifest             |  1 +
 dev-libs/opensc/opensc-0.26.0.ebuild | 87 ++++++++++++++++++++++++++++++++++++
 2 files changed, 88 insertions(+)