
libopensc: protect for possible buffer overflows from rogue cards.

Package: libopensc2
Version: 0.11.4-5+lenny1
Tags: security
Severity: critical


A buffer overflow vulnerability was detected in libopensc.

For details please see this press article (German: [1], English: [2])
and the detailed report[3] including a proof-of-concept by MWR

The OpenSC developers have released a patch which should fix this

If Debian isn't affected by this vulnerability or if it has already been
fixed, please don't hesitate to downgrade or close this bug.

Best regards

Alexander Kurtz

[1] http://www.heise.de/security/meldung/Wenn-die-Smartcard-den-Rechner-rootet-1154599.html
[2] http://www.h-online.com/open/news/item/When-a-smart-card-can-root-your-computer-1154829.html
[3] http://labs.mwrinfosecurity.com/files/Advisories/mwri_opensc-get-serial-buffer-overflow_2010-12-13.pdf
[4] http://www.mwrinfosecurity.com/index.php
[5] https://www.opensc-project.org/opensc/changeset/4913
