OpenSC 0.21.0 has been released today (November 24), fixing security issues: https://github.com/OpenSC/OpenSC/releases/tag/0.21.0
Hi, thanks for reporting this bug. Assigned to the package maintainer. (Please set the status to 'assigned' if you are working on it) I added committers in CC.
CC: (none) => joequant, luigiwalser
Assignee: bugsquad => mageia
Keywords: (none) => Triaged
Updated package uploaded by Sander.
opensc-0.21.0-1.mga7
libopensc7-0.21.0-1.mga7
libsmm-local7-0.21.0-1.mga7
libopensc-devel-0.21.0-1.mga7
from opensc-0.21.0-1.mga7.src.rpm
CC: luigiwalser => mageia
Assignee: mageia => qa-bugs
Fedora has issued an advisory for this on December 12: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EXOHFDMNMO6IDECAGUTB3SJGAGXVRT6S/
Advisory:
========================

Updated opensc packages fix security vulnerabilities:

The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file (CVE-2020-26570).

The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init (CVE-2020-26571).

The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher (CVE-2020-26572).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26570
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26571
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26572
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EXOHFDMNMO6IDECAGUTB3SJGAGXVRT6S/
LC_ALL=C urpmi --media "Core Updates Testing" opensc
To satisfy dependencies, the following packages are going to be installed:
  Package                        Version      Release       Arch
(medium "Core Updates Testing")
  lib64opensc7                   0.21.0       1.mga7        x86_64
  opensc                         0.21.0       1.mga7        x86_64
2MB of additional disk space will be used.
1.1MB of packages will be retrieved.
Proceed with the installation of the 2 packages? (Y/n) y
    http://ftp.free.fr/mirrors/mageia.org/distrib/7/x86_64/media/core/updates_testing/opensc-0.21.0-1.mga7.x86_64.rpm
    http://ftp.free.fr/mirrors/mageia.org/distrib/7/x86_64/media/core/updates_testing/lib64opensc7-0.21.0-1.mga7.x86_64.rpm
installing lib64opensc7-0.21.0-1.mga7.x86_64.rpm opensc-0.21.0-1.mga7.x86_64.rpm from /var/cache/urpmi/rpms
Preparing... #########################################################################################
1/2: lib64opensc7 #########################################################################################
2/2: opensc #########################################################################################
1/1: removing opensc-0.20.0-1.mga7.x86_64 #########################################################################################
[root@YZenbook Téléchargements]# LC_ALL=C systemctl restart pcscd.service

After that, the access to the site protected by the usage of the smartcard works as previously from Firefox.
CC: (none) => yves.brungard_mageia
Whiteboard: (none) => MGA7-64-OK
Validating. Advisory pushed to SVN.
Keywords: Triaged => advisory, validated_update
CVE: (none) => CVE-2020-26570, CVE-2020-26571, CVE-2020-26572
CC: (none) => ouaurelien, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0037.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED