[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] OpenSC release 0.19.0
From:       Frank Morgner <frankmorgner () gmail ! com>
Date:       2018-09-13 13:12:01
Message-ID: CAO8bUyka=0g1xJmCH5_DkKc-JsWnCDGmsPUUTbbeKpkaC4=pvg () mail ! gmail ! com
[Download RAW message or body]


Hi all!

I'm happy to announce the new OpenSC release 0.19.0, which be found here
https://github.com/OpenSC/OpenSC/releases/tag/0.19.0 including the full
list of changes.

Most notably, this release contains fixes for mutliple issues, ranging from
stack based buffer overflows to out of bounds reads and writes on the heap.
They can be triggered by malicious smartcards sending malformed responses
to APDU commands. A detailed description can be found at X41-2018-002
<https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/>. The issues
are tracked as CVE-2018-16391
<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16391> CVE
-2018-16392 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16392>
CVE-2018-16393
<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16393> CVE
-2018-16418 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16418>
CVE-2018-16419
<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16419> CVE
-2018-16420 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16420>
CVE-2018-16421
<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16421> CVE
-2018-16422 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16422>
CVE-2018-16423
<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16423> CVE
-2018-16424 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16424>
CVE-2018-16425
<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16425> CVE
-2018-16426 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16426>
CVE-2018-16427
<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16427>. Thanks to
Eric Sesterhenn from X41 D-Sec GmbH for reporting and helping fixing the
problems.

Regards, Frank


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic