Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

Fedora 44 opensc Critical Memory Corruption Buffer Overflow 2026-8c5856afbb

fedora
Calendar Grey April 25, 2026
Dist Fedora Esm H88
Critical update for Fedora 44's opensc addressing multiple security issues including memory corruption and buffer overflow.
New upstream release (#2442363) fixing various security issues.

Summary

OpenSC provides a set of libraries and utilities to work with smart cards. Its

main focus is on cards that support cryptographic operations, and facilitate

their use in security applications such as authentication, mail encryption and

digital signatures. OpenSC implements the PKCS#11 API so applications

supporting this API (such as Mozilla Firefox and Thunderbird) can use it. On

the card OpenSC implements the PKCS#15 standard and aims to be compatible with

every software/card that does so, too.

Update Information:

New upstream release (#2442363) fixing various security issues.

Topics%20covered

Topics Covered

security advisory fedora buffer overflow memory corruption authentication smart card

Change Log

* Tue Mar 31 2026 Jakub Jelen - 0.27.1-1 - New upstream release (#2442363) fixing various security issues: - CVE-2025-66038 Memory corruption via improper compact-TLV length validation - CVE-2025-66215 Stack-buffer-overflow with physical access via crafted smart card or USB device - CVE-2025-49010 Stack-buffer-overflow via crafted smart card or USB device responses - CVE-2025-66037 Out-of-bounds read via crafted input - CVE-2025-13763 Several uses of potentially uninitialized memory detected by fuzzers

References


[ 1 ] Bug #2442363 - opensc-0.27.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2442363 [ 2 ] Bug #2453188 - CVE-2025-66037 opensc: OpenSC: Out-of-bounds read via crafted input [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453188 [ 3 ] Bug #2453189 - CVE-2025-49010 opensc: OpenSC: Stack-buffer-overflow via crafted smart card or USB device responses [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453189 [ 4 ] Bug #2453190 - CVE-2025-66215 opensc: OpenSC: Stack-buffer-overflow with physical access via crafted smart card or USB device [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453190 [ 5 ] Bug #2453191 - CVE-2025-66038 opensc: OpenSC: Memory corruption via improper compact-TLV length validation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453191

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-8c5856afbb' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: opensc
Product: Fedora 44
Version: 0.27.1
Release: 1.fc44
URL: https://github.com/OpenSC/OpenSC/wiki
Summary: Smart card library and applications

Topics%20covered

Topics Covered

security advisory fedora buffer overflow memory corruption authentication smart card

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here