User: Password:
Subscribe / Log in / New account

Fedora alert FEDORA-2011-0123 (pcsc-lite)

Subject:  [SECURITY] Fedora 13 Update: pcsc-lite-1.5.5-5.fc13
Date:  Thu, 13 Jan 2011 23:38:23 +0000
Message-ID:  <>
Archive-link:  Article, Thread

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2011-0123 2011-01-05 20:41:44 -------------------------------------------------------------------------------- Name : pcsc-lite Product : Fedora 13 Version : 1.5.5 Release : 5.fc13 URL : Summary : PC/SC Lite smart card framework and applications Description : The purpose of PC/SC Lite is to provide a Windows(R) SCard interface in a very small form factor for communicating to smartcards and readers. PC/SC Lite uses the same winscard API as used under Windows(R). This package includes the PC/SC Lite daemon, a resource manager that coordinates communications with smart card readers and smart cards that are connected to the system, as well as other command line tools. -------------------------------------------------------------------------------- Update Information: This update fixes the following security issue: A stack-based buffer overflow flaw was found in the way PC/SC Lite smart card framework decoded certain attribute values of the Answer-to-Reset (ATR) message, received back from the card after connecting. A local attacker could use this flaw to execute arbitrary code with the privileges of the user running the pcscd daemon, via a malicious smart card inserted to the system USB port. -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 5 2011 Kalev Lember <> - 1.5.5-5 - Fixed a buffer overflow in ATR decoder (CVE-2010-4531) -------------------------------------------------------------------------------- References: [ 1 ] Bug #664999 - CVE-2010-4531 pcsc-lite: Stack-based buffer overflow in Answer-to-Reset (ATR) decoder -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update pcsc-lite' at the command line. For more information, refer to "Managing Software with yum", available at All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds