Joined: 12 May 2004
|Posted: Sat Jan 25, 2014 4:14 am Post subject: [ GLSA 201401-18 ] OpenSC: Arbitrary code execution
|Gentoo Linux Security Advisory
Title: OpenSC: Arbitrary code execution (GLSA 201401-18)
Date: January 21, 2014
Multiple stack-based buffer overflows have been found in OpenSC,
allowing attackers to execute arbitrary code.
OpenSC is a tools and libraries for smart cards.
Vulnerable: < 0.11.13-r2
Unaffected: >= 0.11.13-r2
Architectures: All supported architectures
Multiple stack-based buffer overflow errors have been discovered in
A physically proximate attacker could possibly execute arbitrary code
using a specially crafted smart card.
There is no known workaround at this time.
All OpenSC users should upgrade to the latest version:
Packages which depend on this library may need to be recompiled. Tools
|# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/opensc-0.11.13-r2"
such as revdep-rebuild may assist in identifying some of these packages.