From: Meltem Parmaksız <meltem@pardus.org.tr>
To: pardus-security@pardus.org.tr
Subject: [Pardus-security] [PLSA 2011-24] pcsc-lite: Buffer Overflow
Date: Wed, 2 Feb 2011 00:35:12 +0200
Message-ID: <201102020035.12741.meltem@pardus.org.tr>
------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-24 security@pardus.org.tr
------------------------------------------------------------------------
Date: 2011-02-02
Severity: 3
Type: Local
------------------------------------------------------------------------
Summary
=======
Multiple vulnerabilities have been fixed in pcsc-lite.
Description
===========
CVE-2010-4531:
A stack-based buffer overflow flaw was found in the way the PC/SC Lite
smart card framework decoded certain attribute values of the
Answer-to-Reset (ATR) message, received back from the card after
connecting. A local attacker could use this flaw to execute arbitrary
code with the privileges of the user running the pcscd daemon, via a
malicious smart card inserted into the system's USB port.
Affected packages:
Pardus 2009:
pcsc-lite, all before 1.5.5-10-6
Resolution
==========
There are update(s) for pcsc-lite. You can update them via Package
Manager or with a single command from console:

    pisi up pcsc-lite
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=15802
* http://www.vupen.com/english/advisories/2010/3264
------------------------------------------------------------------------
_______________________________________________
Pardus-Security mailing list
Pardus-Security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security
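
An added example, not pcsc-lite's code or its patch: a bounds-checked decoder for the ATR layout of ISO/IEC 7816-3, showing the length checks that keep card-supplied counts (the class of input behind CVE-2010-4531 above) from driving reads or copies past a fixed buffer. The names `atr_decode` and `struct atr_info` are hypothetical, and TCK verification is omitted.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_ATR_SIZE 33   /* ISO/IEC 7816-3: TS plus at most 32 bytes */
#define MAX_HIST     15   /* K is a 4-bit field, so at most 15 bytes */

struct atr_info {         /* hypothetical result type for this example */
    uint8_t  hist[MAX_HIST];
    size_t   hist_len;
    unsigned protocols;   /* bit n set when some TDi announces T=n */
};

/* Decode an ATR received from an untrusted card.
 * Returns 0 on success, -1 if the ATR is malformed or truncated. */
int atr_decode(const uint8_t *atr, size_t len, struct atr_info *out)
{
    memset(out, 0, sizeof *out);
    if (len < 2 || len > MAX_ATR_SIZE)
        return -1;
    if (atr[0] != 0x3B && atr[0] != 0x3F)  /* TS: direct or inverse */
        return -1;

    uint8_t y = atr[1] >> 4;      /* Y1: which of TA1..TD1 follow T0 */
    size_t  k = atr[1] & 0x0F;    /* K: claimed historical byte count */
    size_t  p = 2;                /* next unread byte; p <= len holds */

    for (;;) {
        size_t n = (y & 1) + ((y >> 1) & 1) + ((y >> 2) & 1); /* TA,TB,TC */
        size_t has_td = (y >> 3) & 1;
        /* The card claims n (+1 for TD) more bytes: check they exist. */
        if (n + has_td > len - p)
            return -1;
        p += n;                   /* TA/TB/TC values are skipped here */
        if (!has_td)
            break;
        out->protocols |= 1u << (atr[p] & 0x0F);
        y = atr[p] >> 4;          /* Y(i+1) selects the next group */
        p++;
    }
    /* K comes from the card: it must fit in what is actually left. */
    if (k > len - p)
        return -1;
    memcpy(out->hist, atr + p, k);  /* k <= 15 == sizeof out->hist */
    out->hist_len = k;
    return 0;
}
```

Every count taken from the ATR (the Y bitmaps and K) is compared against the bytes remaining before it is used as an index or copy length, and the TD chain terminates because each round consumes at least one byte of a buffer capped at 33.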