OpenSC: Arbitrary code execution

2014-01-21T00:00:00
ID GLSA-201401-18
Type gentoo
Reporter Gentoo Foundation
Modified 2014-01-21T00:00:00

Description

Background

OpenSC is a tools and libraries for smart cards.

Description

Multiple stack-based buffer overflow errors have been discovered in OpenSC.

Impact

A physically proximate attacker could possibly execute arbitrary code using a specially crafted smart card.

Workaround

There is no known workaround at this time.

Resolution

All OpenSC users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-libs/opensc-0.11.13-r2"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.