ALT Linux Team

Branch p11 update on 2025-10-14

2025-10-14

ALT-BU-2025-12964-1

Branch p11 update bulletin.

ALT-PU-2025-12701-2

Package opensc updated to version 0.26.1-alt1 for branch p11 in task 396569.

Closed vulnerabilities

Published: 2024-05-15

BDU:2024-11086

Уязвимость утилиты персонализации смарт-карт pkcs15-init и библиотеки libopensc набора программных инструментов и библиотек для работы со смарт-картами OpenSC, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации

Severity: LOW (3.9) Vector: AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Severity: LOW (3.7) Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P
References:
Published: 2024-09-02

BDU:2024-11087

Уязвимость утилиты персонализации смарт-карт pkcs15-init набора программных инструментов и библиотек для работы со смарт-картами OpenSC, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (4.3) Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Severity: MEDIUM (4.6) Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2024-09-03

BDU:2024-11088

Уязвимость утилиты персонализации смарт-карт pkcs15-init и библиотеки libopensc набора программных инструментов и библиотек для работы со смарт-картами OpenSC, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (4.3) Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Severity: MEDIUM (4.6) Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2024-09-03

BDU:2024-11091

Уязвимость утилиты персонализации смарт-карт pkcs15-init набора программных инструментов и библиотек для работы со смарт-картами OpenSC, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: LOW (3.9) Vector: AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Severity: LOW (3.7) Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P
References:
Published: 2024-09-03

BDU:2024-11092

Уязвимость утилиты персонализации смарт-карт pkcs15-init и библиотеки libopensc набора программных инструментов и библиотек для работы со смарт-картами OpenSC, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: LOW (3.9) Vector: AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Severity: LOW (3.7) Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P
References:
Published: 2024-09-03

BDU:2024-11093

Уязвимость утилиты персонализации смарт-карт pkcs15-init и библиотеки libopensc набора программных инструментов и библиотек для работы со смарт-картами OpenSC, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: LOW (3.9) Vector: AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Severity: LOW (3.7) Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P
References:
Published: 2024-09-03
Modified: 2024-09-13

CVE-2024-45615

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.).

Severity: LOW (3.9) Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
References:
Published: 2024-09-03
Modified: 2024-09-13

CVE-2024-45616

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card.

Severity: LOW (3.9) Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
References:
Published: 2024-09-03
Modified: 2024-09-13

CVE-2024-45617

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.

Severity: LOW (3.9) Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
References:
Published: 2024-09-03
Modified: 2024-09-13

CVE-2024-45618

A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.

Severity: LOW (3.9) Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
References:
Published: 2024-09-03
Modified: 2024-09-23

CVE-2024-45619

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
References:
Published: 2024-09-03
Modified: 2024-09-19

CVE-2024-45620

A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.

Severity: LOW (3.9) Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
References:

ALT-PU-2025-12713-2

Package kernel-image-6.12 updated to version 6.12.51-alt1 for branch p11 in task 396557.

Closed bugs

Bug #54887

Включить CONFIG_HID_UNIVERSAL_PIDFF

ALT-PU-2025-12715-2

Package kernel-image-rt updated to version 6.12.51-alt1 for branch p11 in task 396558.

Closed bugs

Bug #54887

Включить CONFIG_HID_UNIVERSAL_PIDFF

ALT-PU-2025-12749-3

Package golang updated to version 1.24.8-alt1 for branch p11 in task 396635.

Closed vulnerabilities

CVE-2025-47912

No data currently available.

CVE-2025-58183

No data currently available.

CVE-2025-58185

No data currently available.

CVE-2025-58186

No data currently available.

CVE-2025-58187

No data currently available.

CVE-2025-58188

No data currently available.

CVE-2025-58189

No data currently available.

CVE-2025-61723

No data currently available.

CVE-2025-61724

No data currently available.

CVE-2025-61725

No data currently available.

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top