Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  NEWS  community  lists  Wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Fri, 5 Sep 2008 15:28:35 +0200
From: Ludwig Nussel <ludwig.nussel@...e.de>
To: oss-security@...ts.openwall.com
Cc: cve@...re.org
Subject: Re: opensc 0.11.6 with fixed security update

Andreas Jellinghaus wrote:
> this is a copy of a new security announcement we had to make, already public.
> our last security update with OpenSC 0.11.5 had a small glitch, so this 
> version fixes that glitch. Please everyone update the opensc packages in your
> distribution.
> [...]
> This is an update to our security advisory 31-Jul-2008. 
> 
> Chaskiel M Grundman found a security vulnerability in OpenSC. The 
> vulnerability has been fixed in OpenSC 0.11.6. In Mitre's CVE dictionary this 
> issue is filed under CVE-2008-2235. Users will need to 
> run "pkcs15-tool -T -U" to test (-T) and update (-U) the security settings on 
> their card. 

I guess this need a new CVE number then?

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\   
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ