Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 746821 (CVE-2020-26570, CVE-2020-26571, CVE-2020-26572) - dev-libs/opensc: Multiple vulnerabilities (CVE-2020-{26570,26571,26572})
Summary: dev-libs/opensc: Multiple vulnerabilities (CVE-2020-{26570,26571,26572})
Status: CONFIRMED
Alias: CVE-2020-26570, CVE-2020-26571, CVE-2020-26572
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [ebuild]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-10-06 03:04 UTC by Sam James
Modified: 2020-11-24 18:11 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester gentoo-dev Security 2020-10-06 03:04:58 UTC
* CVE-2020-26570

The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.

Report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24316
Patch: https://github.com/OpenSC/OpenSC/commit/6903aebfddc466d966c7b865fae34572bf3ed23e

* CVE-2020-26571

The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.

Patch: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20612

* CVE_2020-26572

The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22967
Patch: https://github.com/OpenSC/OpenSC/commit/9d294de90d1cc66956389856e60b6944b27b4817
Comment 1 Sam James archtester gentoo-dev Security 2020-11-16 18:55:26 UTC
Should be fixed in the upcoming 0.21.0: https://github.com/OpenSC/OpenSC/commit/c4a75eb1c20130fee03f29c8ffb802003abd8883.
Comment 2 John Helmert III (ajak) 2020-11-24 18:11:05 UTC
0.21.0 is released with the fixes.