Operating System:

[Debian]

Published:

02 January 2020

Protect yourself against future threats.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.0026
                          opensc security update
                              2 January 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           opensc
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Read-only Data Access -- Existing Account
                   Reduced Security      -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-19479  

Original Bulletin: 
   https://www.debian.org/lts/security/2019/dla-2046

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running opensc check for an updated version of the software for 
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- --0OAP2g/MAC+5xKAE
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Package        : opensc
Version        : 0.16.0-3+deb8u2
CVE ID         : CVE-2019-19479


An issue was discovered in libopensc/card-setcos.c in OpenSC, which has an
incorrect read operation during parsing of a SETCOS file attribute.

For Debian 8 "Jessie", this problem has been fixed in version
0.16.0-3+deb8u2.

We recommend that you upgrade your opensc packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- --0OAP2g/MAC+5xKAE
Content-Type: application/pgp-signature; name="signature.asc"

- -----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEIYZ1DR4ae5UL01q7ldFmTdL1kUIFAl4EBGwACgkQldFmTdL1
kUKAbRAAtNsvAw9ro33Z107LE2VyfUDQsCF4Ggg697ldglJHkQJjXEtRPEYGAKNs
fG2KiBsCisLkL1GXlcc4vCVaH9sSAUV9+1mcSDjbeYyJDEGzlJu6BD8UHTkvuilH
cnT9BmV3oJ4jhRqx5qHe8+7ojSFdLj/J+kkPeQ2S1fkZsYQxqZzWJR+KMZFDzNYU
sMBc02eppXd4d0AJFEP28G6z/dRdG4HLKLQKvYN/4GlV6APr+IsD3cZMncl855lf
phZa5sme0ycCahD1nA76cdA+MpjarA1oqHQkylZyIiVwBcErTs0Z4Z4n5cDAWHUK
YDM+SaUoPBlHro2hv4gPkfuGRk7ufyF/VWg8wnt/AMwAPjr4X7HomVCLDcBIdqA7
xhwUyM1qshlekwz2yM32AZG+Qi9gJORWHcpXHOaCmpSzssDGlG81dhDixyOOVYBO
tuexN+fEqGdAFp6mc1BH98Yq1gQSM+LWPEpOIgsCmS/ZjqIJBq8LQ4upmS3bkWrt
APxv/qHOIYEoH3rxuvFoE1Ldox9qEgnNxUj974Gaq5sl+fbRxGjh7JmLv0GECHpY
Nfp/XlBzt5Sm7Q2vYrWJP9MBWrR2lMbcezH9DK5TYg6ai4H0+ggFUXcVyNpxbZti
q39Mg6WAL7XRH8WPP9LgJVin//whk566Z2uSqS9OywNY2+plc1U=
=kfuO
- -----END PGP SIGNATURE-----

- --0OAP2g/MAC+5xKAE--

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXg1lvWaOgq3Tt24GAQjPvg//aG7l+5TEmchfGhc5Hj9Iea1LCW/trduJ
Wo/H9ugPI5mKtLoAgqC69NJqcNxqtE2TtPj8NcnGFe1SQADnGkrJjFefr/SWbBTb
9klaXuprU1XcrMD9Cg8pS5eTsAhUMPY38QfO4dyXLDn1MIQdS6dYWrKZFZ0pSS3G
Jt0eo1nwGS1PvWt6868NNs1kN+0hpi6JNk8sWN3R33Wj0p+EvLFRDpH6/0r8nBWQ
eqpu0xHORGyGgNHab59ixfffhhmSyQQ7suxxPkgB7g++e8k0li2uzNDsRtczBaY4
enfOR87UrJoumgCzwHay2Wnoq/gPyJL9p/4Lwftbnlu/K/VKfkMxJLZQgZwV7yR5
O8CnL4bcsRj5nqUJ3We5hVPmhm0jt4/wKp7wZsa6mhJcrrCND8aP+2b5BXZVy2RF
UOJ5+dI5LEQCQu2hU1k+sc9QOvP8PJd+a95N4B5ubELYfePhf4msGOsH/6qPvGjD
rdAJmyt3YMs/hwGpGoL9H/swBZIgXvwGcMFq6JxfKcSDpfjMfI22UxL2Ku8CSD4O
05AtQS/Ov1Qo+HPQi6/xrR8MwHz4r3dXjgHyuY88Z3ne1/cWaZR7w4ph0QtDVlqc
1OUkCpf8Bh5C07cEYG+SibKCpRbPXzyIvQ5YF2qOP8lbaD0YCZtC4CadLFFqMVRg
k3UcHgVJIiI=
=SEWH
-----END PGP SIGNATURE-----