http://www.h-online.com/open/news/item/When-a-smart-card-can-root-your- computer-1154829.html
http://www.heise.de/security/meldung/Wenn-die-Smartcard-den-Rechner- rootet-1154599.html Heise reports a security issue found in OpenSC. As far as I can see the code was added in 2004 to the starcos driver with the bug and has found it's way cut&pasted into other drivers later. If you only use certain cards, and the code for your card is not vulnerable, then you can edit opensc.conf and set "card_drivers" to the name of your card driver, thus disabling all other drivers. Warning: I haven't tested this myself. Or you can apply this patch (link by heise, haven't looked at our code myself): https://www.opensc-project.org/opensc/changeset/4913 Regards, Andreas _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
