User: Password:
Subscribe / Log in / New account

Pardus alert 2011-24 (pcsc-lite)

From:  Meltem Parmaks&#305;z <>
Subject:  [Pardus-security] [PLSA 2011-24] pcsc-lite: Buffer Overflow
Date:  Wed, 2 Feb 2011 00:35:12 +0200
Message-ID:  <>
Archive-link:  Article, Thread

------------------------------------------------------------------------ Pardus Linux Security Advisory 2011-24 ------------------------------------------------------------------------ Date: 2011-02-02 Severity: 3 Type: Local ------------------------------------------------------------------------ Summary ======= Multiple vulnerabilities have been fixed in pcsclite. Description =========== CVE-2010-4531: A stack-based buffer overflow flaw was found in the way PC/SC Lite smart card framework decoded certain attribute values of the Answer-to-Reset (ATR) message, received back from the card after connecting. A local attacker could use this flaw to execute arbitrary code with the privileges of the user running the pcscd daemon, via a malicious smart card inserted to the system USB port. Affected packages: Pardus 2009: pcsc-lite, all before 1.5.5-10-6 Resolution ========== There are update(s) for pcsc-lite. You can update them via Package Manager or with a single command from console: pisi up pcsc-lite References ========== * * ------------------------------------------------------------------------ _______________________________________________ Pardus-Security mailing list

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds