coolkey contains the driver support for the CoolKey and Common Access Card (CAC) Smart Card products. The CAC is used by the U.S. Government.
Steve Grubb discovered a flaw in the way coolkey created a temporary directory. A local attacker could perform a symlink attack and cause arbitrary files to be overwritten. (CVE-2007-4129)
In addition, the updated packages contain fixes for the following bugs in the CAC Smart Card support:
CAC Smart Cards can have from 1 to 3 certificates. The coolkey driver, however, was not recognizing cards if they had less than 3 certificates.
logging into a CAC Smart Card token with a new application would cause other, already authenticated, applications to lose their login status unless the Smart Card was then removed from the reader and re-inserted.
All CAC users should upgrade to these updated packages, which resolve these issues.