Nome do pacote
pcsc-lite
Data
2010-09-24
ID Alerta
MDVSA-2010:189
Versões afetadas
2009.0 x86_64 , MES5 i586 , 2009.1 i586 , 2009.0 i586 , 2008.0 x86_64 , 2008.0 i586 , 2009.1 x86_64 , MES5 x86_64

Descrição do problema

Multiple vulnerabilities has been found and corrected in pcsc-lite:

The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart
Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow
local users to cause a denial of service (daemon crash) via crafted
SCARD_SET_ATTRIB message data, which is improperly demarshalled
and triggers a buffer over-read, a related issue to CVE-2010-0407
(CVE-2009-4901).

Buffer overflow in the MSGFunctionDemarshall function in winscard_svc.c
in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite 1.5.4
and earlier might allow local users to gain privileges via crafted
SCARD_CONTROL message data, which is improperly demarshalled. NOTE:
this vulnerability exists because of an incorrect fix for CVE-2010-0407
(CVE-2009-4902).

Multiple buffer overflows in the MSGFunctionDemarshall function in
winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE
PCSC-Lite before 1.5.4 allow local users to gain privileges via
crafted message data, which is improperly demarshalled (CVE-2010-0407).

Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.

Pacotes atualizados

2009.0 x86_64

 0ecec7927fddbf1791384667d4c2cb0f  2009.0/x86_64/lib64pcsclite1-1.4.102-1.1mdv2009.0.x86_64.rpm
 628debd6fb07c332a72b836c165bcc8d  2009.0/x86_64/lib64pcsclite-devel-1.4.102-1.1mdv2009.0.x86_64.rpm
 ae015f03362f7399c9aba451f2f7fecd  2009.0/x86_64/lib64pcsclite-static-devel-1.4.102-1.1mdv2009.0.x86_64.rpm
 64fbc7257cbfc5a18c1d3f63ab8860e8  2009.0/x86_64/pcsc-lite-1.4.102-1.1mdv2009.0.x86_64.rpm 
 76334baf4d0a4c7e7269be6855aee4c2  2009.0/SRPMS/pcsc-lite-1.4.102-1.1mdv2009.0.src.rpm

MES5 i586

 4194b2888cee96308009918fd78ec2e6  mes5/i586/libpcsclite1-1.4.102-1.1mdvmes5.1.i586.rpm
 5fceb0986718f744abbd371129b38eba  mes5/i586/libpcsclite-devel-1.4.102-1.1mdvmes5.1.i586.rpm
 f856c267204173af9fad236eac81c28f  mes5/i586/libpcsclite-static-devel-1.4.102-1.1mdvmes5.1.i586.rpm
 6d601e4b1d1168ebec78c5d945378e02  mes5/i586/pcsc-lite-1.4.102-1.1mdvmes5.1.i586.rpm 
 0b52ec2a75a79cdef80d31b6b55323d1  mes5/SRPMS/pcsc-lite-1.4.102-1.1mdv2009.0.src.rpm

2009.1 i586

 f6fbc67ddacadd6e421fd68d02e12633  2009.1/i586/libpcsclite1-1.5.2-1.1mdv2009.1.i586.rpm
 a1ba1511fd5dd26573527ef50ce81b5e  2009.1/i586/libpcsclite-devel-1.5.2-1.1mdv2009.1.i586.rpm
 4b9ba378d857ae48a846f00e286024e8  2009.1/i586/libpcsclite-static-devel-1.5.2-1.1mdv2009.1.i586.rpm
 6a704dd4e7d8423d35db366dbf689cb7  2009.1/i586/pcsc-lite-1.5.2-1.1mdv2009.1.i586.rpm 
 01a7091c9fcf2337578c9caeebc87833  2009.1/SRPMS/pcsc-lite-1.5.2-1.1mdv2009.1.src.rpm

2009.0 i586

 9e6699c3b26d60127e0caaa1aa2289d2  2009.0/i586/libpcsclite1-1.4.102-1.1mdv2009.0.i586.rpm
 72a1a3d5e01ed8345f265a77f4ea05dd  2009.0/i586/libpcsclite-devel-1.4.102-1.1mdv2009.0.i586.rpm
 349726056604450832d18ebef0b719c0  2009.0/i586/libpcsclite-static-devel-1.4.102-1.1mdv2009.0.i586.rpm
 e87e4987d3fbf641f645b2009471f387  2009.0/i586/pcsc-lite-1.4.102-1.1mdv2009.0.i586.rpm 
 76334baf4d0a4c7e7269be6855aee4c2  2009.0/SRPMS/pcsc-lite-1.4.102-1.1mdv2009.0.src.rpm

2008.0 x86_64

 6e0f7e5e8069e5aa694de0b51d51e7f7  2008.0/x86_64/lib64pcsclite1-1.4.4-1.1mdv2008.0.x86_64.rpm
 ecb3d147a0989e9f11b6c21a99d78b00  2008.0/x86_64/lib64pcsclite-devel-1.4.4-1.1mdv2008.0.x86_64.rpm
 217d8be73202d169f0749b586d2fc78d  2008.0/x86_64/lib64pcsclite-static-devel-1.4.4-1.1mdv2008.0.x86_64.rpm
 5124ffac456d3ddcbe83c2cc20b3e65b  2008.0/x86_64/pcsc-lite-1.4.4-1.1mdv2008.0.x86_64.rpm 
 f08e053f4969deef763e11fd6d66b408  2008.0/SRPMS/pcsc-lite-1.4.4-1.1mdv2008.0.src.rpm

2008.0 i586

 8542435bcf848ec4a758f08abb440de6  2008.0/i586/libpcsclite1-1.4.4-1.1mdv2008.0.i586.rpm
 b2cba2d308ce62f0db856cbeb397e579  2008.0/i586/libpcsclite-devel-1.4.4-1.1mdv2008.0.i586.rpm
 91aa91411c7755f9fef3bc9d2247ae8d  2008.0/i586/libpcsclite-static-devel-1.4.4-1.1mdv2008.0.i586.rpm
 a9b3733633dea019f2604a3edaee1108  2008.0/i586/pcsc-lite-1.4.4-1.1mdv2008.0.i586.rpm 
 f08e053f4969deef763e11fd6d66b408  2008.0/SRPMS/pcsc-lite-1.4.4-1.1mdv2008.0.src.rpm

2009.1 x86_64

 613b7a63921e05a482fb4aae6a36d5cf  2009.1/x86_64/lib64pcsclite1-1.5.2-1.1mdv2009.1.x86_64.rpm
 9dd66b08eb34e7fa8d00c569f0face33  2009.1/x86_64/lib64pcsclite-devel-1.5.2-1.1mdv2009.1.x86_64.rpm
 8b7f3042144456046ac6a550d49466f7  2009.1/x86_64/lib64pcsclite-static-devel-1.5.2-1.1mdv2009.1.x86_64.rpm
 8f4c9901adccf658a5edd7b88e735568  2009.1/x86_64/pcsc-lite-1.5.2-1.1mdv2009.1.x86_64.rpm 
 01a7091c9fcf2337578c9caeebc87833  2009.1/SRPMS/pcsc-lite-1.5.2-1.1mdv2009.1.src.rpm

MES5 x86_64

 245e8a6081254bacb173674d15594e98  mes5/x86_64/lib64pcsclite1-1.4.102-1.1mdvmes5.1.x86_64.rpm
 315e276f89d1bd75105a2e40f2976b81  mes5/x86_64/lib64pcsclite-devel-1.4.102-1.1mdvmes5.1.x86_64.rpm
 731b15c35ffe0872052578e9a25f3fa2  mes5/x86_64/lib64pcsclite-static-devel-1.4.102-1.1mdvmes5.1.x86_64.rpm
 ca6aa016db366b69b83ca08814a9636c  mes5/x86_64/pcsc-lite-1.4.102-1.1mdvmes5.1.x86_64.rpm 
 0b52ec2a75a79cdef80d31b6b55323d1  mes5/SRPMS/pcsc-lite-1.4.102-1.1mdv2009.0.src.rpm

Referências