Support / Security / Advisories / Mandriva Linux 2010.0 / MDVSA-2011:015

Package name: pcsc-lite
Date: 2011-01-20
Advisory ID: MDVSA-2011:015
Affected versions: 2009.0 x86_64 , MES5 i586 , 2010.0 x86_64 , 2010.1 i586 , 2010.0 i586 , 2009.0 i586 , CS4.0 i586 , CS4.0 x86_64 , MES5 x86_64 , 2010.1 x86_64

Problem description

A vulnerability has been found and corrected in pcsc-lite:

Stack-based buffer overflow in the ATRDecodeAtr function in the
Answer-to-Reset (ATR) Handler (atrhandler.c) for pcscd in PCSC-Lite
1.5.3, and possibly other 1.5.x and 1.6.x versions, allows physically
proximate attackers to cause a denial of service (crash) and possibly
execute arbitrary code via a smart card with an ATR message containing
a long attribute value (CVE-2010-4531).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

Updated packages

2009.0 x86_64

 b8690a3cb9fe4cef11a2f7181f07c2bf  2009.0/x86_64/lib64pcsclite1-1.4.102-1.2mdv2009.0.x86_64.rpm
 70a6ff7af784249e5f3dbec686c5c992  2009.0/x86_64/lib64pcsclite-devel-1.4.102-1.2mdv2009.0.x86_64.rpm
 01141839cdc3d10e5df39d34cad4b1d0  2009.0/x86_64/lib64pcsclite-static-devel-1.4.102-1.2mdv2009.0.x86_64.rpm
 f49b21cb00dde2c767661f4e8512c9d2  2009.0/x86_64/pcsc-lite-1.4.102-1.2mdv2009.0.x86_64.rpm 
 92270b043c53d716e12eac331480ffe9  2009.0/SRPMS/pcsc-lite-1.4.102-1.2mdv2009.0.src.rpm

MES5 i586

 7ed0fa196d040622f207790461b52a43  mes5/i586/libpcsclite1-1.4.102-1.2mdvmes5.1.i586.rpm
 f879e7282ab9cc61e84ebd2597499f80  mes5/i586/libpcsclite-devel-1.4.102-1.2mdvmes5.1.i586.rpm
 73554d61bc2ab9cb03a150f56a0d6350  mes5/i586/libpcsclite-static-devel-1.4.102-1.2mdvmes5.1.i586.rpm
 06579ff154adcd565b9cab0f840754cd  mes5/i586/pcsc-lite-1.4.102-1.2mdvmes5.1.i586.rpm 
 5cc332351f3350333e0e0f38b9a45771  mes5/SRPMS/pcsc-lite-1.4.102-1.2mdvmes5.1.src.rpm

2010.0 x86_64

 cafd52e2470853139baa1a4c92251d8d  2010.0/x86_64/lib64pcsclite1-1.5.5-1.1mdv2010.0.x86_64.rpm
 7c27626ea5b0ca2bfcf6a6f44cecd432  2010.0/x86_64/lib64pcsclite-devel-1.5.5-1.1mdv2010.0.x86_64.rpm
 f9073247d0152fabc96b147c2b06ca4b  2010.0/x86_64/lib64pcsclite-static-devel-1.5.5-1.1mdv2010.0.x86_64.rpm
 c6d768906fb0a1a6025d560f835faf32  2010.0/x86_64/pcsc-lite-1.5.5-1.1mdv2010.0.x86_64.rpm 
 c3ea63013e5cdbc56ebdca3f8305379a  2010.0/SRPMS/pcsc-lite-1.5.5-1.1mdv2010.0.src.rpm

2010.1 i586

 b590e80c2a64596453c593ee70c5e8e1  2010.1/i586/libpcsclite1-1.5.5-2.1mdv2010.2.i586.rpm
 35aedb0f443c5b96faf2cc3f0c9774d0  2010.1/i586/libpcsclite-devel-1.5.5-2.1mdv2010.2.i586.rpm
 483ee37eb2ae95fe44649c449028efaa  2010.1/i586/libpcsclite-static-devel-1.5.5-2.1mdv2010.2.i586.rpm
 ed00d83148affe361345db65cd29c5db  2010.1/i586/pcsc-lite-1.5.5-2.1mdv2010.2.i586.rpm 
 a53a46520d0b3f55a5672ae66db13a18  2010.1/SRPMS/pcsc-lite-1.5.5-2.1mdv2010.2.src.rpm

2010.0 i586

 e8542ceffedf0e3e10a75451fa7ac4cd  2010.0/i586/libpcsclite1-1.5.5-1.1mdv2010.0.i586.rpm
 9909eecea315d85cc1a5f22680ccb55b  2010.0/i586/libpcsclite-devel-1.5.5-1.1mdv2010.0.i586.rpm
 9d4e979b5245f8f03670571801bc1ee1  2010.0/i586/libpcsclite-static-devel-1.5.5-1.1mdv2010.0.i586.rpm
 4293654f2187a51a09e16402665d40bf  2010.0/i586/pcsc-lite-1.5.5-1.1mdv2010.0.i586.rpm 
 c3ea63013e5cdbc56ebdca3f8305379a  2010.0/SRPMS/pcsc-lite-1.5.5-1.1mdv2010.0.src.rpm

2009.0 i586

 d137c48f4e931440a7c0b8f15fcff4b8  2009.0/i586/libpcsclite1-1.4.102-1.2mdv2009.0.i586.rpm
 25116e1db3bda3affb09d59b4adc6aef  2009.0/i586/libpcsclite-devel-1.4.102-1.2mdv2009.0.i586.rpm
 302d0c768b5b610547f55a3781f14fa8  2009.0/i586/libpcsclite-static-devel-1.4.102-1.2mdv2009.0.i586.rpm
 d18ad9858c8995ca754138e0bd7a9bd8  2009.0/i586/pcsc-lite-1.4.102-1.2mdv2009.0.i586.rpm 
 92270b043c53d716e12eac331480ffe9  2009.0/SRPMS/pcsc-lite-1.4.102-1.2mdv2009.0.src.rpm

CS4.0 i586

 d198bb12df9768650b8b023cf0682235  corporate/4.0/i586/libpcsclite1-1.3.0-2.2.20060mlcs4.i586.rpm
 e4ac5a2b593ef62fae4d2b27f504423c  corporate/4.0/i586/libpcsclite1-devel-1.3.0-2.2.20060mlcs4.i586.rpm
 c4542e045341899a71b51e2790807be2  corporate/4.0/i586/libpcsclite1-static-devel-1.3.0-2.2.20060mlcs4.i586.rpm
 953f7cbed53e20c1e6141593ef682ce8  corporate/4.0/i586/pcsc-lite-1.3.0-2.2.20060mlcs4.i586.rpm 
 3c6765a9ebd8fd682f2894ded24252d5  corporate/4.0/SRPMS/pcsc-lite-1.3.0-2.2.20060mlcs4.src.rpm

CS4.0 x86_64

 b614f7ed9446b338baa784ae5f52bd12  corporate/4.0/x86_64/lib64pcsclite1-1.3.0-2.2.20060mlcs4.x86_64.rpm
 d0ab4bd7bba3aa12d795ec14b5275255  corporate/4.0/x86_64/lib64pcsclite1-devel-1.3.0-2.2.20060mlcs4.x86_64.rpm
 04c4bc08d596259e4353c52d5e933070  corporate/4.0/x86_64/lib64pcsclite1-static-devel-1.3.0-2.2.20060mlcs4.x86_64.rpm
 6603ce736b8a876949d4d63a08d56e00  corporate/4.0/x86_64/pcsc-lite-1.3.0-2.2.20060mlcs4.x86_64.rpm 
 3c6765a9ebd8fd682f2894ded24252d5  corporate/4.0/SRPMS/pcsc-lite-1.3.0-2.2.20060mlcs4.src.rpm

MES5 x86_64

 cfa52291779d9196a52d29010705d8d7  mes5/x86_64/lib64pcsclite1-1.4.102-1.2mdvmes5.1.x86_64.rpm
 081a1250e01700a76a9a671a633b7c11  mes5/x86_64/lib64pcsclite-devel-1.4.102-1.2mdvmes5.1.x86_64.rpm
 480be64c067ac9a4db1cf17fc83da674  mes5/x86_64/lib64pcsclite-static-devel-1.4.102-1.2mdvmes5.1.x86_64.rpm
 ddefa78d3c632d33aa5521192bcc53ca  mes5/x86_64/pcsc-lite-1.4.102-1.2mdvmes5.1.x86_64.rpm 
 5cc332351f3350333e0e0f38b9a45771  mes5/SRPMS/pcsc-lite-1.4.102-1.2mdvmes5.1.src.rpm

2010.1 x86_64

 b05d60aa1b2fe29a60defe1b06a20a8e  2010.1/x86_64/lib64pcsclite1-1.5.5-2.1mdv2010.2.x86_64.rpm
 910af804d47eb0667a420f51410a5d97  2010.1/x86_64/lib64pcsclite-devel-1.5.5-2.1mdv2010.2.x86_64.rpm
 6a04a618d0f85e8b4bd0cd59336bd7b9  2010.1/x86_64/lib64pcsclite-static-devel-1.5.5-2.1mdv2010.2.x86_64.rpm
 d61120d304cd581e9529b12d68c67e1b  2010.1/x86_64/pcsc-lite-1.5.5-2.1mdv2010.2.x86_64.rpm 
 a53a46520d0b3f55a5672ae66db13a18  2010.1/SRPMS/pcsc-lite-1.5.5-2.1mdv2010.2.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4531