MGASA-2026-0231

Source
https://advisories.mageia.org/MGASA-2026-0231.html
Import Source
https://advisories.mageia.org/MGASA-2026-0231.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2026-0231
Upstream
  • CVE-2026-10275
  • CVE-2026-40528
Published
2026-06-24T05:41:50Z
Modified
2026-06-24T05:45:04.641953614Z
Summary
Updated opensc packages fix security vulnerabilities
Details

These packages fix security vulnerabilities:

CVE-2026-10275: A flaw has been found in OpenSC up to 0.26.1. It affects the function test_kpgen_certwrite in the file src/tools/pkcs11-tool.c of the pkcs11-tool Key Generation Module component. Manipulation causes a buffer overflow. The attack can be carried out remotely. The complexity of an attack is rather high, and exploitability is indicated to be difficult. The exploit has been published and may be used. Patch name: 814f745b3b6d100295f65f1935edd33d520d33ab. Applying the patch is recommended to fix this issue.

CVE-2026-40528: OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the do_key_value() function in src/pkcs15init/profile.c that allows attackers to corrupt memory by supplying a crafted profile configuration file. During pkcs15-init invocation, a key value entry beginning with '=' followed by more than sizeof(keybuf) characters is copied into keybuf via memcpy without a length check, causing both stack and heap buffer overruns.

Affected packages

Mageia:9 / opensc

Package

Name
opensc
Purl
pkg:rpm/mageia/opensc?arch=source&distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.25.0-1.3.mga9

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2026-0231.json"