Hi all! I'm happy to announce the new OpenSC release 0.19.0, which be found here https://github.com/OpenSC/OpenSC/releases/tag/0.19.0 including the full list of changes. Most notably, this release contains fixes for mutliple issues, ranging from stack based buffer overflows to out of bounds reads and writes on the heap. They can be triggered by malicious smartcards sending malformed responses to APDU commands. A detailed description can be found at X41-2018-002 <https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/>. The issues are tracked as CVE-2018-16391 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16391> CVE -2018-16392 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16392> CVE-2018-16393 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16393> CVE -2018-16418 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16418> CVE-2018-16419 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16419> CVE -2018-16420 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16420> CVE-2018-16421 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16421> CVE -2018-16422 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16422> CVE-2018-16423 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16423> CVE -2018-16424 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16424> CVE-2018-16425 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16425> CVE -2018-16426 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16426> CVE-2018-16427 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16427>. Thanks to Eric Sesterhenn from X41 D-Sec GmbH for reporting and helping fixing the problems. Regards, Frank
View entire thread
You seem to have CSS turned off. Please don't fill out this field.
Click URL instructions: Right-click on the ad, choose "Copy Link", then paste here → (This may not be possible with some types of ads)
Ad destination/click URL:
