Fedora alert FEDORA-2026-8c5856afbb (opensc)
From: updates--- via package-announce <package-announce@lists.fedoraproject.org>
To: package-announce@lists.fedoraproject.org
Subject: [SECURITY] Fedora 44 Update: opensc-0.27.1-1.fc44
Date: Sat, 25 Apr 2026 01:53:14 +0000
Message-ID: <20260425015314.77D157DF1E@bastion01.rdu3.fedoraproject.org>
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8c5856afbb
2026-04-25 01:21:36.171503+00:00
--------------------------------------------------------------------------------

Name        : opensc
Product     : Fedora 44
Version     : 0.27.1
Release     : 1.fc44
URL         : https://github.com/OpenSC/OpenSC/wiki
Summary     : Smart card library and applications
Description :
OpenSC provides a set of libraries and utilities to work with smart cards. Its
main focus is on cards that support cryptographic operations, and facilitate
their use in security applications such as authentication, mail encryption and
digital signatures. OpenSC implements the PKCS#11 API so applications
supporting this API (such as Mozilla Firefox and Thunderbird) can use it. On
the card OpenSC implements the PKCS#15 standard and aims to be compatible with
every software/card that does so, too.

--------------------------------------------------------------------------------
Update Information:

New upstream release (#2442363) fixing various security issues.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 31 2026 Jakub Jelen <jjelen@redhat.com> - 0.27.1-1
- New upstream release (#2442363) fixing various security issues:
  - CVE-2025-66038 Memory corruption via improper compact-TLV length validation
  - CVE-2025-66215 Stack-buffer-overflow with physical access via crafted smart card or USB device
  - CVE-2025-49010 Stack-buffer-overflow via crafted smart card or USB device responses
  - CVE-2025-66037 Out-of-bounds read via crafted input
  - CVE-2025-13763 Several uses of potentially uninitialized memory detected by fuzzers
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2442363 - opensc-0.27.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2442363
  [ 2 ] Bug #2453188 - CVE-2025-66037 opensc: OpenSC: Out-of-bounds read via crafted input [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2453188
  [ 3 ] Bug #2453189 - CVE-2025-49010 opensc: OpenSC: Stack-buffer-overflow via crafted smart card or USB device responses [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2453189
  [ 4 ] Bug #2453190 - CVE-2025-66215 opensc: OpenSC: Stack-buffer-overflow with physical access via crafted smart card or USB device [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2453190
  [ 5 ] Bug #2453191 - CVE-2025-66038 opensc: OpenSC: Memory corruption via improper compact-TLV length validation [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2453191
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8c5856afbb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgr...

All packages are signed with the Fedora Project GPG key.
More details on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
