Package: libopensc2
Version: 0.11.4-5+lenny1
Tags: security
Severity: critical

Hi,

a buffer overflow vulnerability was detected in libopensc. For details please see this press article (German: [1], English: [2]) and the detailed report[3] including a proof-of-concept by MWR InfoSecurity[4].

The OpenSC developers have released a patch which should fix this vulnerability[5].

If Debian isn't affected by this vulnerability or if it has already been fixed, please don't hesitate to downgrade or close this bug.

Best regards

Alexander Kurtz

[1] http://www.heise.de/security/meldung/Wenn-die-Smartcard-den-Rechner-rootet-1154599.html
[2] http://www.h-online.com/open/news/item/When-a-smart-card-can-root-your-computer-1154829.html
[3] http://labs.mwrinfosecurity.com/files/Advisories/mwri_opensc-get-serial-buffer-overflow_2010-12-13.pdf
[4] http://www.mwrinfosecurity.com/index.php
[5] https://www.opensc-project.org/opensc/changeset/4913