Package name
ccid
Date
2011-01-20
Advisory ID
MDVSA-2011:014
Affected versions
CS4.0 x86_64, CS4.0 i586

Problem description

A vulnerability has been found and corrected in ccid:

Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card
Interface Devices (CCID) driver, as used in pcscd in PCSC-Lite 1.5.3
and possibly other products, allows physically proximate attackers to
execute arbitrary code via a smart card with a crafted serial number
that causes a negative value to be used in a memcpy operation, which
triggers a buffer overflow. NOTE: some sources refer to this issue
as an integer overflow (CVE-2010-4530).

The updated packages have been patched to correct this issue.
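
The bug class described above, a signed length that passes an upper-bound check and then reaches memcpy as a huge size, shown as an added example; it is not code from ccid_serial.c or from this advisory. The frame layout, DST_MAX and all function names are hypothetical, and the flawed path only reports the size and never copies.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DST_MAX 16 /* constructed buffer size, not the driver's */

/* Length field of a hypothetical frame: 4 bytes little-endian, read as signed. */
static int32_t frame_len(const unsigned char *f)
{
    uint32_t v = f[0] | (uint32_t)f[1] << 8 | (uint32_t)f[2] << 16
               | (uint32_t)f[3] << 24;
    return (int32_t)v; /* 0xFFFFFFF0 becomes -16 on two's-complement targets */
}

/* Flawed check: upper bound only. Performs no copy; it reports the size_t
   a following memcpy(dst, src, len) would receive. Returns 1 if accepted. */
static int flawed_accepts(int32_t len, size_t *memcpy_len)
{
    if (len > DST_MAX)
        return 0;
    *memcpy_len = (size_t)len; /* negative len converts to a huge size */
    return 1;
}

/* Hardened: reject negatives first, then bound by destination and by input. */
static int safe_copy(unsigned char *dst, size_t dst_size,
                     const unsigned char *frame, size_t frame_size)
{
    if (frame_size < 4)
        return -1;
    int32_t len = frame_len(frame);
    if (len < 0 || (size_t)len > dst_size || (size_t)len > frame_size - 4)
        return -1;
    memcpy(dst, frame + 4, (size_t)len);
    return (int)len;
}

int main(void)
{
    const unsigned char ok[]  = { 3, 0, 0, 0, 'A', 'B', 'C' };   /* constructed */
    const unsigned char bad[] = { 0xF0, 0xFF, 0xFF, 0xFF, 'A' }; /* constructed */
    unsigned char dst[DST_MAX];
    size_t n = 0;
    printf("flawed accepts bad: %d\n", flawed_accepts(frame_len(bad), &n));
    printf("memcpy would get:   %zu bytes\n", n);
    printf("safe_copy(bad):     %d\n", safe_copy(dst, sizeof dst, bad, sizeof bad));
    printf("safe_copy(ok):      %d\n", safe_copy(dst, sizeof dst, ok, sizeof ok));
    return 0;
}
```

Comparing the length as an unsigned value, or checking `len < 0` before the upper bound, closes the gap; the hardened function also bounds the length by the bytes actually received.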

Updated packages

CS4.0 x86_64

 c065aa2ef89421dfb165b4ed48792b21  corporate/4.0/x86_64/ccid-1.0.0-2.1.20060mlcs4.x86_64.rpm 
 26afe41c97d0729456a88c57804a8a13  corporate/4.0/SRPMS/ccid-1.0.0-2.1.20060mlcs4.src.rpm

CS4.0 i586

 1825753343f77df80e26acc86569d1c4  corporate/4.0/i586/ccid-1.0.0-2.1.20060mlcs4.i586.rpm 
 26afe41c97d0729456a88c57804a8a13  corporate/4.0/SRPMS/ccid-1.0.0-2.1.20060mlcs4.src.rpm

References