Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

Fedora 42 OpenSC Important Memory Issues Stack Overflow CVE-2025-66038

fedora
Calendar Grey April 10, 2026
Dist Fedora Esm H88
Fedora 42 OpenSC update addresses significant security flaws including memory corruption and buffer overflow issues.
New upstream release (#2442363) fixing various security issues

Summary

OpenSC provides a set of libraries and utilities to work with smart cards. Its

main focus is on cards that support cryptographic operations, and facilitate

their use in security applications such as authentication, mail encryption and

digital signatures. OpenSC implements the PKCS#11 API so applications

supporting this API (such as Mozilla Firefox and Thunderbird) can use it. On

the card OpenSC implements the PKCS#15 standard and aims to be compatible with

every software/card that does so, too.

Update Information:

New upstream release (#2442363) fixing various security issues

Topics%20covered

Topics Covered

security advisory fedora memory corruption important out-of-bounds read stack buffer overflow

Change Log

* Tue Mar 31 2026 Jakub Jelen - 0.27.1-1 - New upstream release (#2442363) fixing various security issues: - CVE-2025-66038 Memory corruption via improper compact-TLV length validation - CVE-2025-66215 Stack-buffer-overflow with physical access via crafted smart card or USB device - CVE-2025-49010 Stack-buffer-overflow via crafted smart card or USB device responses - CVE-2025-66037 Out-of-bounds read via crafted input - CVE-2025-13763 Several uses of potentially uninitialized memory detected by fuzzers * Fri Jan 16 2026 Michael Catanzaro - 0.26.1-6 - Fix crash when loaded by p11-kit - SoftHSM 2.7.0 compatibility * Fri Jan 16 2026 Fedora Release Engineering - 0.26.1-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Wed Dec 17 2025 Jakub Jelen - 0.26.1-4 - Avoid const discard to unbreak eln build

References


[ 1 ] Bug #2442363 - opensc-0.27.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2442363 [ 2 ] Bug #2453188 - CVE-2025-66037 opensc: OpenSC: Out-of-bounds read via crafted input [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453188 [ 3 ] Bug #2453189 - CVE-2025-49010 opensc: OpenSC: Stack-buffer-overflow via crafted smart card or USB device responses [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453189 [ 4 ] Bug #2453190 - CVE-2025-66215 opensc: OpenSC: Stack-buffer-overflow with physical access via crafted smart card or USB device [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453190 [ 5 ] Bug #2453191 - CVE-2025-66038 opensc: OpenSC: Memory corruption via improper compact-TLV length validation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453191

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-de85b06438' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: opensc
Product: Fedora 42
Version: 0.27.1
Release: 1.fc42
URL: https://github.com/OpenSC/OpenSC/wiki
Summary: Smart card library and applications

Topics%20covered

Topics Covered

security advisory fedora memory corruption important out-of-bounds read stack buffer overflow

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here