Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in pcsc-lite
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in pcsc-lite
ID: USN-1125-1
Distribution: Ubuntu
Plattformen: Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10
Datum: Mi, 27. April 2011, 23:31
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4531
Applikationen: pcsc-lite

Originalnachricht


--===============7233889705788572617==
Content-Type: multipart/signed; micalg="pgp-sha512";
protocol="application/pgp-signature"; boundary="=-am2mdATbPfmTmxc2AM/k"


--=-am2mdATbPfmTmxc2AM/k
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1125-1
April 27, 2011

pcsc-lite vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 9.10

Summary:

PCSC-Lite could be made to crash or run programs if it accessed a special
smart card.

Software Description:
- pcsc-lite: Middleware to access a smart card using PC/SC (development files)

Details:

Rafael Dominguez Vega discovered that PCSC-Lite incorrectly handled smart
cards with malformed ATR messages. An attacker having physical access
could exploit this with a special smart card and cause a denial of service
or execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.10:
libpcsclite1 1.5.5-3ubuntu2.1

Ubuntu 10.04 LTS:
libpcsclite1 1.5.3-1ubuntu4.2

Ubuntu 9.10:
libpcsclite1 1.5.3-1ubuntu1.2

After a standard system update you need to restart smart card applications
to make all the necessary changes.

References:
CVE-2010-4531

Package Information:
https://launchpad.net/ubuntu/+source/pcsc-lite/1.5.5-3ubuntu2.1
https://launchpad.net/ubuntu/+source/pcsc-lite/1.5.3-1ubuntu4.2
https://launchpad.net/ubuntu/+source/pcsc-lite/1.5.3-1ubuntu1.2



--Úm2mdATbPfmTmxc2AM/k
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAABCgAGBQJNuH+dAAoJEGVp2FWnRL6T4TYP/A3rQIMctblGAsrbC4gAu0Sz
dhStq941aPNh7On81wyhiaDvYWGXRmwq7bHBH4TROE10ibm+4i6oUsKgTZu7AX7J
+AArbJgQMpDJZwW7obL2I/PzmODxRiuq0gZJvGyXsC5u+hXtlqv8DYfWMJDlXweq
UpU3gBpWhj1r7jJbKjrlj/sIoqzmoJs0fObZkVqHOFC+LOjVapsxo5S5y6vxlP0N
onh7VLa2vR0nZaCux6LpMkuh/EtARr3A8Paq3lXrFBrGnjOivnIpZYFHnZmnBkgx
ribmWkDVV/1Li8lDsOgF7QNI3ot+FaOA/qqz0x5IyDQR9/agWPguULegpZnDmN7H
z0EGmVi4g4FRTT9GV2yAkXwULksPvWzkVWcFAnq8RET316i8S7U/Qps0ptXGXpY0
j/OvgUs5/2ehdrhFIIYstkPiB9oLb3dopZluk7yOe3U9pqeevNW2bdqmg9r14elZ
0vXfklzaixbRaTpDfaZb+ebXZCU7TGV+BDotleGUcjGs1GaM76c97jXfc9wCWqIV
C/nL1SzHt+sxEb2c041IvJCQPWg2gfYatUtHSNnxTpXCTXzzZhCDziPJ0/bocfZJ
8mooOxPDfFtfMIvvAvBF9peosYn4/DiGkHaYcUEUsNVrEVTv3ZLF9VRmHwjpMVmh
hAeanqRFtSlNNMWC9909
=Bfdo
-----END PGP SIGNATURE-----

--=-am2mdATbPfmTmxc2AM/k--



--===============7233889705788572617==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============7233889705788572617==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung