| Summary: | <dev-libs/opensc-0.11.13-r2: Buffer Overflow Vulnerabilities (CVE-2010-4523) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Tim Sammut (RETIRED) <underling> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | | |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://www.opensc-project.org/opensc/changeset/4913 | | |
| Whiteboard: | B1 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | | Bug Blocks: | 349561 |

Description
Tim Sammut (RETIRED)
2010-12-24 04:38:09 UTC
New ebuild ready, it should work with older pcsc-lite as well so it should be okay to stable already until pcsc-lite is sorted out.

(In reply to comment #1)
> New ebuild ready, it should work with older pcsc-lite as well so it should be
> okay to stable already until pcsc-lite is sorted out.

Thank you. Arches, please test and mark stable:
=dev-libs/opensc-0.11.13-r2
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"

ppc64 done

Builds fine on x86, rdeps build fine. No hardware to test functionality. Please mark stable for x86.

Stable for HPPA PPC.

x86 done. Thanks Myckel!

amd64 done

arm stable

alpha/arm/ia64/m68k/s390/sh/sparc stable

Thanks, everyone. GLSA request filed.

CVE-2010-4523 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4523): Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 and earlier allow physically proximate attackers to execute arbitrary code via a long serial-number field on a smart card, related to (1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c.

This issue was resolved and addressed in GLSA 201401-18 at http://security.gentoo.org/glsa/glsa-201401-18.xml by GLSA coordinator Sean Amoss (ackle).
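The CVE text quoted in the thread traces the overflows to a card-supplied serial number longer than the host-side buffer that caches it. The following C code is an added example of the bounds check that this bug class calls for; it is not OpenSC's code or the upstream changeset. `SERIAL_MAX` (an assumed 32-byte capacity), `struct serial_number`, `cache_serial` and `demo` are hypothetical names, and the response bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SERIAL_MAX 32  /* assumed capacity; not OpenSC's constant */
enum { SERIAL_OK = 0, SERIAL_ERR_ARG = -1, SERIAL_ERR_TOO_LONG = -2 };

/* Hypothetical stand-in for a card driver's cached serial number. */
struct serial_number { unsigned char value[SERIAL_MAX]; size_t len; };

/* Cache a serial number returned by the card. resp and n are card-controlled,
 * so n is checked against the destination size before any byte is copied. */
int cache_serial(struct serial_number *out, const unsigned char *resp, size_t n)
{
    if (out == NULL || (resp == NULL && n != 0))
        return SERIAL_ERR_ARG;
    out->len = 0;
    if (n > sizeof(out->value))
        return SERIAL_ERR_TOO_LONG;  /* reject instead of writing past the buffer */
    if (n != 0)
        memcpy(out->value, resp, n);
    out->len = n;
    return SERIAL_OK;
}

/* Feed a constructed n-byte response through cache_serial().
 * Returns the cached length on success, a negative error code otherwise,
 * or -99 if the guard bytes placed after the buffer were modified. */
long demo(size_t n)
{
    unsigned char resp[64];  /* constructed sample response */
    struct { struct serial_number sn; unsigned char guard[8]; } host;
    size_t i; int rc;
    if (n > sizeof(resp))
        return SERIAL_ERR_ARG;
    memset(resp, 0x41, sizeof(resp));
    memset(&host, 0xA5, sizeof(host));
    rc = cache_serial(&host.sn, resp, n);
    for (i = 0; i < sizeof(host.guard); i++)
        if (host.guard[i] != 0xA5)
            return -99;
    return rc == SERIAL_OK ? (long)host.sn.len : (long)rc;
}

int main(void)
{
    printf("8 bytes -> %ld, 33 bytes -> %ld\n", demo(8), demo(33));
    return 0;
}
```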