Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 5 Sep 2008 15:28:35 +0200
From: Ludwig Nussel <ludwig.nussel@...e.de>
To: oss-security@...ts.openwall.com
Cc: cve@...re.org
Subject: Re: opensc 0.11.6 with fixed security update

Andreas Jellinghaus wrote:
> this is a copy of a new security announcement we had to make, already public.
> our last security update with OpenSC 0.11.5 had a small glitch, so this 
> version fixes that glitch. Please everyone update the opensc packages in your
> distribution.
> [...]
> This is an update to our security advisory 31-Jul-2008. 
> 
> Chaskiel M Grundman found a security vulnerability in OpenSC. The 
> vulnerability has been fixed in OpenSC 0.11.6. In Mitre's CVE dictionary this 
> issue is filed under CVE-2008-2235. Users will need to 
> run "pkcs15-tool -T -U" to test (-T) and update (-U) the security settings on 
> their card. 

I guess this need a new CVE number then?

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\   
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.