Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.0026 opensc security update 2 January 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: opensc Publisher: Debian Operating System: Debian GNU/Linux 8 Impact/Access: Read-only Data Access -- Existing Account Reduced Security -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2019-19479 Original Bulletin: https://www.debian.org/lts/security/2019/dla-2046 Comment: This advisory references vulnerabilities in products which run on platforms other than Debian. It is recommended that administrators running opensc check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- - --0OAP2g/MAC+5xKAE Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Package : opensc Version : 0.16.0-3+deb8u2 CVE ID : CVE-2019-19479 An issue was discovered in libopensc/card-setcos.c in OpenSC, which has an incorrect read operation during parsing of a SETCOS file attribute. For Debian 8 "Jessie", this problem has been fixed in version 0.16.0-3+deb8u2. We recommend that you upgrade your opensc packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - --0OAP2g/MAC+5xKAE Content-Type: application/pgp-signature; name="signature.asc" - -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEIYZ1DR4ae5UL01q7ldFmTdL1kUIFAl4EBGwACgkQldFmTdL1 kUKAbRAAtNsvAw9ro33Z107LE2VyfUDQsCF4Ggg697ldglJHkQJjXEtRPEYGAKNs fG2KiBsCisLkL1GXlcc4vCVaH9sSAUV9+1mcSDjbeYyJDEGzlJu6BD8UHTkvuilH cnT9BmV3oJ4jhRqx5qHe8+7ojSFdLj/J+kkPeQ2S1fkZsYQxqZzWJR+KMZFDzNYU sMBc02eppXd4d0AJFEP28G6z/dRdG4HLKLQKvYN/4GlV6APr+IsD3cZMncl855lf phZa5sme0ycCahD1nA76cdA+MpjarA1oqHQkylZyIiVwBcErTs0Z4Z4n5cDAWHUK YDM+SaUoPBlHro2hv4gPkfuGRk7ufyF/VWg8wnt/AMwAPjr4X7HomVCLDcBIdqA7 xhwUyM1qshlekwz2yM32AZG+Qi9gJORWHcpXHOaCmpSzssDGlG81dhDixyOOVYBO tuexN+fEqGdAFp6mc1BH98Yq1gQSM+LWPEpOIgsCmS/ZjqIJBq8LQ4upmS3bkWrt APxv/qHOIYEoH3rxuvFoE1Ldox9qEgnNxUj974Gaq5sl+fbRxGjh7JmLv0GECHpY Nfp/XlBzt5Sm7Q2vYrWJP9MBWrR2lMbcezH9DK5TYg6ai4H0+ggFUXcVyNpxbZti q39Mg6WAL7XRH8WPP9LgJVin//whk566Z2uSqS9OywNY2+plc1U= =kfuO - -----END PGP SIGNATURE----- - --0OAP2g/MAC+5xKAE-- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXg1lvWaOgq3Tt24GAQjPvg//aG7l+5TEmchfGhc5Hj9Iea1LCW/trduJ Wo/H9ugPI5mKtLoAgqC69NJqcNxqtE2TtPj8NcnGFe1SQADnGkrJjFefr/SWbBTb 9klaXuprU1XcrMD9Cg8pS5eTsAhUMPY38QfO4dyXLDn1MIQdS6dYWrKZFZ0pSS3G Jt0eo1nwGS1PvWt6868NNs1kN+0hpi6JNk8sWN3R33Wj0p+EvLFRDpH6/0r8nBWQ eqpu0xHORGyGgNHab59ixfffhhmSyQQ7suxxPkgB7g++e8k0li2uzNDsRtczBaY4 enfOR87UrJoumgCzwHay2Wnoq/gPyJL9p/4Lwftbnlu/K/VKfkMxJLZQgZwV7yR5 O8CnL4bcsRj5nqUJ3We5hVPmhm0jt4/wKp7wZsa6mhJcrrCND8aP+2b5BXZVy2RF UOJ5+dI5LEQCQu2hU1k+sc9QOvP8PJd+a95N4B5ubELYfePhf4msGOsH/6qPvGjD rdAJmyt3YMs/hwGpGoL9H/swBZIgXvwGcMFq6JxfKcSDpfjMfI22UxL2Ku8CSD4O 05AtQS/Ov1Qo+HPQi6/xrR8MwHz4r3dXjgHyuY88Z3ne1/cWaZR7w4ph0QtDVlqc 1OUkCpf8Bh5C07cEYG+SibKCpRbPXzyIvQ5YF2qOP8lbaD0YCZtC4CadLFFqMVRg k3UcHgVJIiI= =SEWH -----END PGP SIGNATURE-----