Nom du paquet
opensc
Date
2009-04-09
Advisory ID
MDVSA-2009:089
Affected versions
2009.0 x86_64 , 2008.0 i586 , 2009.0 i586 , CS4.0 i586 , 2008.0 x86_64 , CS4.0 x86_64 , 2008.1 x86_64 , 2008.1 i586

Problem description

OpenSC before 0.11.7 allows physically proximate attackers to bypass
intended PIN requirements and read private data objects via a (1) low
level APDU command or (2) debugging tool, as demonstrated by reading
the 4601 or 4701 file with the opensc-explorer or opensc-tool program.

The updated packages fix the issue.

Updated packages

2009.0 x86_64

 44a05f6ad6ff9913422b1fdb79c61745  2009.0/x86_64/lib64opensc2-0.11.7-0.1mdv2009.0.x86_64.rpm
 33960dc36d0db21e71ce6693fb52915e  2009.0/x86_64/lib64opensc-devel-0.11.7-0.1mdv2009.0.x86_64.rpm
 37aa2c61aa7ff43e9a0d48d69e082169  2009.0/x86_64/mozilla-plugin-opensc-0.11.7-0.1mdv2009.0.x86_64.rpm
 6b906a1e884c002eb91cb744b1c70290  2009.0/x86_64/opensc-0.11.7-0.1mdv2009.0.x86_64.rpm 
 391234fd292dbbe9c9cf0bae990ca961  2009.0/SRPMS/opensc-0.11.7-0.1mdv2009.0.src.rpm

2008.0 i586

 5f239515eac39547b0c9f41c6fa73411  2008.0/i586/libopensc2-0.11.3-2.2mdv2008.0.i586.rpm
 25444defa5ae336f6053135299686612  2008.0/i586/libopensc-devel-0.11.3-2.2mdv2008.0.i586.rpm
 98a08ef44e9284dc53982e232dbcbd6f  2008.0/i586/mozilla-plugin-opensc-0.11.3-2.2mdv2008.0.i586.rpm
 017d9c1dbc1c064a7aaadd5a63d7a496  2008.0/i586/opensc-0.11.3-2.2mdv2008.0.i586.rpm 
 c85bf396c067679cb6c312a1a34498db  2008.0/SRPMS/opensc-0.11.3-2.2mdv2008.0.src.rpm

2009.0 i586

 3c873d88bfc728f3c6e566bb27caa60a  2009.0/i586/libopensc2-0.11.7-0.1mdv2009.0.i586.rpm
 12259488d9315c8e9a85e38259b3e4ae  2009.0/i586/libopensc-devel-0.11.7-0.1mdv2009.0.i586.rpm
 543095148af4a557a7e4c8f0674cb651  2009.0/i586/mozilla-plugin-opensc-0.11.7-0.1mdv2009.0.i586.rpm
 b97aa305b656629979bf64aea14bb595  2009.0/i586/opensc-0.11.7-0.1mdv2009.0.i586.rpm 
 391234fd292dbbe9c9cf0bae990ca961  2009.0/SRPMS/opensc-0.11.7-0.1mdv2009.0.src.rpm

CS4.0 i586

 710b784731ba6ce9e2f7474d5190a864  corporate/4.0/i586/libopensc2-0.10.1-2.2.20060mlcs4.i586.rpm
 68cbe67c1a03defb2f0e80aa738b808e  corporate/4.0/i586/libopensc2-devel-0.10.1-2.2.20060mlcs4.i586.rpm
 5735d95135f72f10f0e26453afd25080  corporate/4.0/i586/mozilla-plugin-opensc-0.10.1-2.2.20060mlcs4.i586.rpm
 91502589d130ad3b5cb347804286a5da  corporate/4.0/i586/opensc-0.10.1-2.2.20060mlcs4.i586.rpm 
 a6db7e426ac61da00de18480b00f360c  corporate/4.0/SRPMS/opensc-0.10.1-2.2.20060mlcs4.src.rpm

2008.0 x86_64

 ff3a14e7ceb98e30edfd56443c0829d0  2008.0/x86_64/lib64opensc2-0.11.3-2.2mdv2008.0.x86_64.rpm
 9ffad75feeeb3e9edf4ea7c0a3123ec9  2008.0/x86_64/lib64opensc-devel-0.11.3-2.2mdv2008.0.x86_64.rpm
 9134f93d7faeaa3d672e42d107068fbc  2008.0/x86_64/mozilla-plugin-opensc-0.11.3-2.2mdv2008.0.x86_64.rpm
 23660b061c276ec1ed2a77c60a191229  2008.0/x86_64/opensc-0.11.3-2.2mdv2008.0.x86_64.rpm 
 c85bf396c067679cb6c312a1a34498db  2008.0/SRPMS/opensc-0.11.3-2.2mdv2008.0.src.rpm

CS4.0 x86_64

 4d17dddf9cf837593ded74d5707e6227  corporate/4.0/x86_64/lib64opensc2-0.10.1-2.2.20060mlcs4.x86_64.rpm
 88cd0ade0e38454db2aad29a19ba9418  corporate/4.0/x86_64/lib64opensc2-devel-0.10.1-2.2.20060mlcs4.x86_64.rpm
 33732581d211c93a5793e860222b7042  corporate/4.0/x86_64/mozilla-plugin-opensc-0.10.1-2.2.20060mlcs4.x86_64.rpm
 41c99e7b2d5d6da50872aedb1d5b3501  corporate/4.0/x86_64/opensc-0.10.1-2.2.20060mlcs4.x86_64.rpm 
 a6db7e426ac61da00de18480b00f360c  corporate/4.0/SRPMS/opensc-0.10.1-2.2.20060mlcs4.src.rpm

2008.1 x86_64

 839774a8b6765ef0a1db6a80187e44cc  2008.1/x86_64/lib64opensc2-0.11.3-2.2mdv2008.1.x86_64.rpm
 1292b5f9b985155c45d017c9d491d979  2008.1/x86_64/lib64opensc-devel-0.11.3-2.2mdv2008.1.x86_64.rpm
 18b47407a2ef4e0bda7c79eef0055ba3  2008.1/x86_64/mozilla-plugin-opensc-0.11.3-2.2mdv2008.1.x86_64.rpm
 92489f4d1be33ac711de922e84f5847d  2008.1/x86_64/opensc-0.11.3-2.2mdv2008.1.x86_64.rpm 
 028a72bb7eeb49cbd8b5af3f80bdcecc  2008.1/SRPMS/opensc-0.11.3-2.2mdv2008.1.src.rpm

2008.1 i586

 8cb99452e878b5f371f592f22e28f12d  2008.1/i586/libopensc2-0.11.3-2.2mdv2008.1.i586.rpm
 f3112256e1fa360eb29e890b530d73dd  2008.1/i586/libopensc-devel-0.11.3-2.2mdv2008.1.i586.rpm
 70747b6fefb3792e7ef43c99b3e6fd76  2008.1/i586/mozilla-plugin-opensc-0.11.3-2.2mdv2008.1.i586.rpm
 f816da7b83e65909776040c9ae93a456  2008.1/i586/opensc-0.11.3-2.2mdv2008.1.i586.rpm 
 028a72bb7eeb49cbd8b5af3f80bdcecc  2008.1/SRPMS/opensc-0.11.3-2.2mdv2008.1.src.rpm

References