oss-sec mailing list archives
OpenSC release 0.19.0
From: Frank Morgner <frankmorgner () gmail com>
Date: Thu, 13 Sep 2018 15:12:01 +0200
Hi all! I'm happy to announce the new OpenSC release 0.19.0, which be found here https://github.com/OpenSC/OpenSC/releases/tag/0.19.0 including the full list of changes. Most notably, this release contains fixes for mutliple issues, ranging from stack based buffer overflows to out of bounds reads and writes on the heap. They can be triggered by malicious smartcards sending malformed responses to APDU commands. A detailed description can be found at X41-2018-002 <https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/>. The issues are tracked as CVE-2018-16391 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16391> CVE -2018-16392 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16392> CVE-2018-16393 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16393> CVE -2018-16418 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16418> CVE-2018-16419 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16419> CVE -2018-16420 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16420> CVE-2018-16421 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16421> CVE -2018-16422 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16422> CVE-2018-16423 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16423> CVE -2018-16424 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16424> CVE-2018-16425 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16425> CVE -2018-16426 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16426> CVE-2018-16427 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16427>. Thanks to Eric Sesterhenn from X41 D-Sec GmbH for reporting and helping fixing the problems. Regards, Frank
Current thread:
- OpenSC release 0.19.0 Frank Morgner (Sep 13)