LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora alert FEDORA-2011-0164 (pcsc-lite)



From:
    	      updates@fedoraproject.org 


To:
    	      package-announce@lists.fedoraproject.org 


Subject:
    	      [SECURITY] Fedora 14 Update: pcsc-lite-1.6.4-3.fc14 


Date:
    	      Thu, 13 Jan 2011 23:35:38 +0000


Message-ID:
    	      <20110113233538.9E7E9110A63@bastion02.phx2.fedoraproject.org>


Archive-link:
    	      Article, Thread
              


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-0164
2011-01-05 20:43:16
--------------------------------------------------------------------------------

Name        : pcsc-lite
Product     : Fedora 14
Version     : 1.6.4
Release     : 3.fc14
URL         : http://pcsclite.alioth.debian.org/
Summary     : PC/SC Lite smart card framework and applications
Description :
The purpose of PC/SC Lite is to provide a Windows(R) SCard interface
in a very small form factor for communicating to smartcards and
readers.  PC/SC Lite uses the same winscard API as used under
Windows(R).  This package includes the PC/SC Lite daemon, a resource
manager that coordinates communications with smart card readers and
smart cards that are connected to the system, as well as other command
line tools.

--------------------------------------------------------------------------------
Update Information:

This update fixes the following security issue:

A stack-based buffer overflow flaw was found in the way
PC/SC Lite smart card framework decoded certain attribute 
values of the Answer-to-Reset (ATR) message, received back
from the card after connecting. A local attacker could
use this flaw to execute arbitrary code with the privileges
of the user running the pcscd daemon, via a malicious smart
card inserted to the system USB port.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan  5 2011 Kalev Lember <kalev@smartlink.ee> - 1.6.4-3
- Fixed a buffer overflow in ATR decoder (CVE-2010-4531)
* Mon Dec 13 2010 Kalev Lember <kalev@smartlink.ee> - 1.6.4-2
- Disabled pcscd on-demand startup (#653903)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #664999 - CVE-2010-4531 pcsc-lite: Stack-based buffer overflow in Answer-to-Reset (ATR)
decoder
        https://bugzilla.redhat.com/show_bug.cgi?id=664999
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update pcsc-lite' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds