
List:       debian-security
Subject:    libopensc: protect for possible buffer overflows from rogue cards.
From:       Alexander Kurtz <kurtz.alex () googlemail ! com>
Date:       2010-12-18 10:29:19
Message-ID: 1292668159.4960.15.camel () localhost

Package: libopensc2
Version: 0.11.4-5+lenny1
Tags: security
Severity: critical

Hi,

a buffer overflow vulnerability was detected in libopensc.

For details please see this press article (German: [1], English: [2])
and the detailed report[3] including a proof-of-concept by MWR
InfoSecurity[4].

The OpenSC developers have released a patch which should fix this
vulnerability[5].

If Debian isn't affected by this vulnerability or if it has already been
fixed, please don't hesitate to downgrade or close this bug.

Best regards

Alexander Kurtz

[1] http://www.heise.de/security/meldung/Wenn-die-Smartcard-den-Rechner-rootet-1154599.html
[2] http://www.h-online.com/open/news/item/When-a-smart-card-can-root-your-computer-1154829.html
[3] http://labs.mwrinfosecurity.com/files/Advisories/mwri_opensc-get-serial-buffer-overflow_2010-12-13.pdf
[4] http://www.mwrinfosecurity.com/index.php
[5] https://www.opensc-project.org/opensc/changeset/4913



