drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in pcsc-lite
Name: |
Ausführen beliebiger Kommandos in pcsc-lite |
|
ID: |
USN-1125-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 9.10, Ubuntu 10.04 LTS, Ubuntu 10.10 |
|
Datum: |
Mi, 27. April 2011, 23:31 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4531 |
|
Applikationen: |
pcsc-lite |
|
Originalnachricht |
--===============7233889705788572617== Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-am2mdATbPfmTmxc2AM/k"
--=-am2mdATbPfmTmxc2AM/k Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1125-1 April 27, 2011
pcsc-lite vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10 - Ubuntu 10.04 LTS - Ubuntu 9.10
Summary:
PCSC-Lite could be made to crash or run programs if it accessed a special smart card.
Software Description: - pcsc-lite: Middleware to access a smart card using PC/SC (development files)
Details:
Rafael Dominguez Vega discovered that PCSC-Lite incorrectly handled smart cards with malformed ATR messages. An attacker having physical access could exploit this with a special smart card and cause a denial of service or execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 10.10: libpcsclite1 1.5.5-3ubuntu2.1
Ubuntu 10.04 LTS: libpcsclite1 1.5.3-1ubuntu4.2
Ubuntu 9.10: libpcsclite1 1.5.3-1ubuntu1.2
After a standard system update you need to restart smart card applications to make all the necessary changes.
References: CVE-2010-4531
Package Information: https://launchpad.net/ubuntu/+source/pcsc-lite/1.5.5-3ubuntu2.1 https://launchpad.net/ubuntu/+source/pcsc-lite/1.5.3-1ubuntu4.2 https://launchpad.net/ubuntu/+source/pcsc-lite/1.5.3-1ubuntu1.2
--Úm2mdATbPfmTmxc2AM/k Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJNuH+dAAoJEGVp2FWnRL6T4TYP/A3rQIMctblGAsrbC4gAu0Sz dhStq941aPNh7On81wyhiaDvYWGXRmwq7bHBH4TROE10ibm+4i6oUsKgTZu7AX7J +AArbJgQMpDJZwW7obL2I/PzmODxRiuq0gZJvGyXsC5u+hXtlqv8DYfWMJDlXweq UpU3gBpWhj1r7jJbKjrlj/sIoqzmoJs0fObZkVqHOFC+LOjVapsxo5S5y6vxlP0N onh7VLa2vR0nZaCux6LpMkuh/EtARr3A8Paq3lXrFBrGnjOivnIpZYFHnZmnBkgx ribmWkDVV/1Li8lDsOgF7QNI3ot+FaOA/qqz0x5IyDQR9/agWPguULegpZnDmN7H z0EGmVi4g4FRTT9GV2yAkXwULksPvWzkVWcFAnq8RET316i8S7U/Qps0ptXGXpY0 j/OvgUs5/2ehdrhFIIYstkPiB9oLb3dopZluk7yOe3U9pqeevNW2bdqmg9r14elZ 0vXfklzaixbRaTpDfaZb+ebXZCU7TGV+BDotleGUcjGs1GaM76c97jXfc9wCWqIV C/nL1SzHt+sxEb2c041IvJCQPWg2gfYatUtHSNnxTpXCTXzzZhCDziPJ0/bocfZJ 8mooOxPDfFtfMIvvAvBF9peosYn4/DiGkHaYcUEUsNVrEVTv3ZLF9VRmHwjpMVmh hAeanqRFtSlNNMWC9909 =Bfdo -----END PGP SIGNATURE-----
--=-am2mdATbPfmTmxc2AM/k--
--===============7233889705788572617== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============7233889705788572617==--
|
|
|
|