MDVSA-2011:014
- Package name: ccid
- Date: 2011-01-20
- Advisory ID: MDVSA-2011:014
- Affected versions: CS4.0 x86_64, CS4.0 i586
Problem description
A vulnerability has been found and corrected in ccid:
Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card
Interface Devices (CCID) driver, as used in pcscd in PCSC-Lite 1.5.3
and possibly other products, allows physically proximate attackers to
execute arbitrary code via a smart card with a crafted serial number
that causes a negative value to be used in a memcpy operation, which
triggers a buffer overflow. NOTE: some sources refer to this issue
as an integer overflow (CVE-2010-4530).
The updated packages have been patched to correct this issue.
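The bug class described above, a signed length that passes an upper-bound check and then reaches memcpy as a huge unsigned size, shown next to a hardened check. This is an added illustration, not code from ccid_serial.c or from the patched packages; the two-byte frame layout, the sample frames and all function names are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DST_MAX 16

/* Constructed frames. Layout is an assumption for this example, not the CCID
 * wire format: byte 0 = total length, byte 1 = header length, then payload. */
static const uint8_t GOOD_FRAME[] = {6, 2, 'A', 'B', 'C', 'D'};
static const uint8_t BAD_FRAME[]  = {2, 5, 'A', 'B', 'C', 'D'}; /* header > total */
static uint8_t DST[DST_MAX];

static int payload_len(const uint8_t *frame) {
    return (int)frame[0] - (int)frame[1];   /* negative if header > total */
}

/* Flawed pattern: a signed length with only an upper-bound check. */
static int flawed_accepts(int len) {
    return len <= DST_MAX;                  /* -3 <= 16, so it passes */
}

/* The size memcpy would receive: its length parameter is size_t. */
static size_t size_seen_by_memcpy(int len) {
    return (size_t)len;                     /* -1 converts to SIZE_MAX */
}

/* Hardened copy: reject negatives, then bound in the unsigned domain
 * against both the destination and the bytes actually received. */
static int copy_payload(uint8_t *dst, size_t dst_size,
                        const uint8_t *frame, size_t frame_size) {
    if (frame_size < 2 || frame[1] < 2) return -1;
    int len = payload_len(frame);
    if (len < 0) return -1;
    size_t n = (size_t)len;
    if (n > dst_size || (size_t)frame[1] + n > frame_size) return -1;
    memcpy(dst, frame + frame[1], n);
    return (int)n;
}

int main(void) {
    int bad_len = payload_len(BAD_FRAME);
    printf("bad len=%d flawed_accepts=%d memcpy size=%zu\n",
           bad_len, flawed_accepts(bad_len), size_seen_by_memcpy(bad_len));
    printf("hardened: good=%d bad=%d\n",
           copy_payload(DST, sizeof DST, GOOD_FRAME, sizeof GOOD_FRAME),
           copy_payload(DST, sizeof DST, BAD_FRAME, sizeof BAD_FRAME));
    return 0;
}
```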
Updated packages
CS4.0 x86_64
c065aa2ef89421dfb165b4ed48792b21 corporate/4.0/x86_64/ccid-1.0.0-2.1.20060mlcs4.x86_64.rpm
26afe41c97d0729456a88c57804a8a13 corporate/4.0/SRPMS/ccid-1.0.0-2.1.20060mlcs4.src.rpm
CS4.0 i586
1825753343f77df80e26acc86569d1c4 corporate/4.0/i586/ccid-1.0.0-2.1.20060mlcs4.i586.rpm
26afe41c97d0729456a88c57804a8a13 corporate/4.0/SRPMS/ccid-1.0.0-2.1.20060mlcs4.src.rpm
