Three stack-based buffer overflow flaws were found in the way
OpenSC device drivers for A-Trust ACOS, ACS ACOS5 and
STARCOS SPK 2.3 based smart cards processed certain
values of card serial number. A local attacker could use this
flaw to execute arbitrary code, with the privileges of the
user running the opesc-tool or opensc-explorer binaries via
a malicious smart card, with specially-crafted value of its
serial number, inserted to the system.
These issues affect the versions of the opensc package, as shipped
with Fedora release of 13 and 14.
Please schedule an update.
Created opensc tracking bugs for this issue
Affects: fedora-all [bug 664834]