Release date:
2026-05-19 11:30:52 UTC
Description:
- CVE-2023-5992: implement constant-time PKCS#1 v1.5 depadding to prevent Bleichenbacher/Marvin-style timing attacks
- CVE-2025-49010: fix stack buffer overflow write in iso7816 GET RESPONSE
- CVE-2025-66037: fix out-of-bounds heap read in sc_pkcs15_pubkey_from_spki_fields
- CVE-2025-66038: fix buffer over-read in sc_compacttlv_find_tag
- CVE-2025-66215: fix stack buffer overflow write in card-oberthur auth_compute_signature and auth_read_record
Updated packages:
-
opensc-0.22.0-2.el9_2.tuxcare.els5.i686.rpm
sha:2f3fd3517015239c2cdc7f25bf8c106d755062aa2ca24888f5145e0057ae46e7
-
opensc-0.22.0-2.el9_2.tuxcare.els5.x86_64.rpm
sha:844c30b0f2540213ad3ba760bc9126332b7f36e329ff0e7279b595de1047651d
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
