An update for opensc is now available for openEuler-24.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-2545 Final 1.0 1.0 2026-06-05 Initial 2026-06-05 2026-06-05 openEuler SA Tool V1.0 2026-06-05 opensc security update An update for opensc is now available for openEuler-24.03-LTS-SP1 OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures. OpenSC implements the standard APIs to smart cards, e.g. PKCS#11 API, Windows’ Smart Card Minidriver and macOS Tokend. Security Fix(es): OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that would present the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0.(CVE-2025-49010) OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzz_pkcs15_reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, sc_pkcs15_pubkey_from_spki_fields() allocates a zero-length buffer and then reads one byte past the end of that allocation. This issue has been patched in version 0.27.0.(CVE-2025-66037) An update for opensc is now available for master/openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP2/openEuler-24.03-LTS-SP3/openEuler-24.03-LTS-SP4. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium opensc https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2545 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-49010 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-66037 https://nvd.nist.gov/vuln/detail/CVE-2025-49010 https://nvd.nist.gov/vuln/detail/CVE-2025-66037 openEuler-24.03-LTS-SP1 opensc-0.23.0-8.oe2403sp1.aarch64.rpm opensc-debuginfo-0.23.0-8.oe2403sp1.aarch64.rpm opensc-debugsource-0.23.0-8.oe2403sp1.aarch64.rpm opensc-help-0.23.0-8.oe2403sp1.aarch64.rpm opensc-0.23.0-8.oe2403sp1.src.rpm opensc-0.23.0-8.oe2403sp1.x86_64.rpm opensc-debuginfo-0.23.0-8.oe2403sp1.x86_64.rpm opensc-debugsource-0.23.0-8.oe2403sp1.x86_64.rpm opensc-help-0.23.0-8.oe2403sp1.x86_64.rpm OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that would present the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0. 2026-06-05 CVE-2025-49010 openEuler-24.03-LTS-SP1 Medium 6.8 AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H opensc security update 2026-06-05 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2545 OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzz_pkcs15_reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, sc_pkcs15_pubkey_from_spki_fields() allocates a zero-length buffer and then reads one byte past the end of that allocation. This issue has been patched in version 0.27.0. 2026-06-05 CVE-2025-66037 openEuler-24.03-LTS-SP1 Medium 6.8 AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H opensc security update 2026-06-05 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2545