File _patchinfo of Package patchinfo.9053
<patchinfo incident="9053">
<issue tracker="bnc" id="1107039">VUL-1: CVE-2018-16418: opensc: buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c</issue>
<issue tracker="bnc" id="1107038">VUL-1: CVE-2018-16422: opensc: single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c</issue>
<issue tracker="bnc" id="1104812">VUL-0: opensc: Multiple Vulnerabilities in OpenSC</issue>
<issue tracker="bnc" id="1107034">VUL-1: CVE-2018-16426: opensc: Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file</issue>
<issue tracker="bnc" id="1107037">VUL-1: CVE-2018-16423: opensc: double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c</issue>
<issue tracker="bnc" id="1107036">VUL-1: CVE-2018-16424: opensc: double free when handling responses in read_file in tools/egk-tool.c</issue>
<issue tracker="bnc" id="1107097">VUL-0: CVE-2018-16420: opensc: buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c</issue>
<issue tracker="bnc" id="1108318">VUL-1: CVE-2018-16393: opensc: Buffer overflows handling responses from Gemsafe V1 Smartcards in pkcs15-gemsafeV1.c:gemsafe_get_cert_len()</issue>
<issue tracker="bnc" id="1107033">VUL-1: CVE-2018-16427: opensc: out of bounds reads when handling responses in OpenSC</issue>
<issue tracker="bnc" id="1107035">VUL-1: CVE-2018-16425: opensc: double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init</issue>
<issue tracker="bnc" id="1107049">VUL-0: CVE-2018-16421: opensc: buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c</issue>
<issue tracker="bnc" id="1106999">VUL-1: CVE-2018-16392: opensc: denial of service when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c</issue>
<issue tracker="bnc" id="1106998">VUL-1: CVE-2018-16391: opensc: denial of service when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c</issue>
<issue tracker="bnc" id="1107107">VUL-0: CVE-2018-16419: opensc: Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c</issue>
<issue tracker="cve" id="2018-16393"/>
<issue tracker="cve" id="2018-16392"/>
<issue tracker="cve" id="2018-16391"/>
<issue tracker="cve" id="2018-16418"/>
<issue tracker="cve" id="2018-16419"/>
<issue tracker="cve" id="2018-16421"/>
<issue tracker="cve" id="2018-16420"/>
<issue tracker="cve" id="2018-16423"/>
<issue tracker="cve" id="2018-16422"/>
<issue tracker="cve" id="2018-16425"/>
<issue tracker="cve" id="2018-16424"/>
<issue tracker="cve" id="2018-16427"/>
<issue tracker="cve" id="2018-16426"/>
<category>security</category>
<rating>moderate</rating>
<packager>mcalabkova</packager>
<description>This update for opensc fixes the following security issues:
- CVE-2018-16391: Fixed a denial of service when handling responses from a Muscle Card (bsc#1106998)
- CVE-2018-16392: Fixed a denial of service when handling responses from a TCOS Card (bsc#1106999)
- CVE-2018-16393: Fixed buffer overflows when handling responses from Gemsafe V1 Smartcards (bsc#1108318)
- CVE-2018-16418: Fixed buffer overflow when handling string concatenation in util_acl_to_str (bsc#1107039)
- CVE-2018-16419: Fixed several buffer overflows when handling responses from a Cryptoflex card (bsc#1107107)
- CVE-2018-16420: Fixed buffer overflows when handling responses from an ePass 2003 Card (bsc#1107097)
- CVE-2018-16421: Fixed buffer overflows when handling responses from a CAC Card (bsc#1107049)
- CVE-2018-16422: Fixed single byte buffer overflow when handling responses from an esteid Card (bsc#1107038)
- CVE-2018-16423: Fixed double free when handling responses from a smartcard (bsc#1107037)
- CVE-2018-16424: Fixed double free when handling responses in read_file (bsc#1107036)
- CVE-2018-16425: Fixed double free when handling responses from an HSM Card (bsc#1107035)
- CVE-2018-16426: Fixed endless recursion when handling responses from an IAS-ECC card (bsc#1107034)
- CVE-2018-16427: Fixed out of bounds reads when handling responses in OpenSC (bsc#1107033)
</description>
<summary>Security update for opensc</summary>
</patchinfo>