List: debian-security
Subject: libopensc: protect for possible buffer overflows from rogue cards.
From: Alexander Kurtz <kurtz.alex () googlemail ! com>
Date: 2010-12-18 10:29:19
Message-ID: 1292668159.4960.15.camel () localhost
Package: libopensc2
Version: 0.11.4-5+lenny1
Tags: security
Severity: critical

Hi,

a buffer overflow vulnerability was detected in libopensc.
For details please see this press article (German: [1], English: [2])
and the detailed report[3] including a proof-of-concept by MWR
InfoSecurity[4].

The OpenSC developers have released a patch which should fix this
vulnerability[5].

If Debian isn't affected by this vulnerability or if it has already been
fixed, please don't hesitate to downgrade or close this bug.

Best regards

Alexander Kurtz

[1] http://www.heise.de/security/meldung/Wenn-die-Smartcard-den-Rechner-rootet-1154599.html
[2] http://www.h-online.com/open/news/item/When-a-smart-card-can-root-your-computer-1154829.html
[3] http://labs.mwrinfosecurity.com/files/Advisories/mwri_opensc-get-serial-buffer-overflow_2010-12-13.pdf
[4] http://www.mwrinfosecurity.com/index.php
[5] https://www.opensc-project.org/opensc/changeset/4913