From: updates@fedoraproject.org
To: package-announce@lists.fedoraproject.org
Subject: [SECURITY] Fedora 13 Update: ccid-1.3.11-2.fc13
Date: Thu, 13 Jan 2011 23:38:40 +0000
Message-ID: <20110113233840.BF1DE110D92@bastion02.phx2.fedoraproject.org>
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-0143
2011-01-05 20:42:28
--------------------------------------------------------------------------------
Name : ccid
Product : Fedora 13
Version : 1.3.11
Release : 2.fc13
URL : http://pcsclite.alioth.debian.org/ccid.html
Summary : Generic USB CCID smart card reader driver
Description :
Generic USB CCID (Chip/Smart Card Interface Devices) driver.
--------------------------------------------------------------------------------
Update Information:
This update fixes the following security issue:
An integer overflow, leading to an array index error, was found
in the way the USB CCID (Chip/Smart Card Interface Devices) driver
processed certain values of the card serial number. A local attacker
could use this flaw to execute arbitrary code, with the privileges
of the user running the pcscd daemon, via a malicious smart card
with a specially crafted serial number value, inserted into
the system USB port.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 5 2011 Kalev Lember <kalev@smartlink.ee> - 1.3.11-2
- Fixed an integer overflow in card serial number processing code (CVE-2010-4530)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #664986 - CVE-2010-4530 CCID: Integer overflow, leading to array index error when
processing crafted serial number of certain cards
https://bugzilla.redhat.com/show_bug.cgi?id=664986
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update ccid' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-...
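
The update information above describes an integer overflow that ends in an array index error, but gives no code. As an added illustration of that bug class (not taken from the ccid source or from this advisory), the C below shows an 8-bit length check that wraps, next to a hardened parser. The one-byte-length message layout, `SERIAL_MAX` and both function names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SERIAL_MAX 16 /* assumed size of the driver-side serial buffer */

/* Flawed bound check, shown without performing the write: the space needed
 * (length + NUL) is computed in 8 bits, so 0xFF + 1 wraps to 0 and passes.
 * Returns the index the terminator would be stored at, or -1 if rejected. */
int terminator_index_unchecked(uint8_t len)
{
    uint8_t need = (uint8_t)(len + 1);
    if (need > SERIAL_MAX)
        return -1;
    return len; /* 255 for len == 0xFF: far outside a 16-byte array */
}

/* Hardened parse of a constructed message: msg[0] = length, then the bytes.
 * Returns the serial length, or -1 if the message is malformed. */
int parse_serial(const uint8_t *msg, size_t msg_len, char out[SERIAL_MAX])
{
    if (msg == NULL || out == NULL || msg_len < 1)
        return -1;
    size_t len = msg[0];           /* widen before any arithmetic */
    if (len > msg_len - 1)         /* claims more bytes than were received */
        return -1;
    if (len >= SERIAL_MAX)         /* must leave room for the terminator */
        return -1;
    memcpy(out, msg + 1, len);
    out[len] = '\0';
    return (int)len;
}

int main(void)
{
    const uint8_t good[] = {4, 'A', 'B', '1', '2'};  /* constructed sample */
    const uint8_t evil[] = {0xFF, 'A', 'B'};         /* constructed sample */
    char serial[SERIAL_MAX];

    printf("flawed check, len 0xFF -> index %d\n", terminator_index_unchecked(0xFF));
    printf("good: %d\n", parse_serial(good, sizeof good, serial));
    printf("evil: %d\n", parse_serial(evil, sizeof evil, serial));
    return 0;
}
```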