LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 21st, 2014
Linux Security Week: November 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: 2059-2: pcsc-lite: buffer overflow Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian The update for PCSCD caused a regression with some card readers. This update corrects that regression. The full advisory is below for completeness. It was discovered that PCSCD, a daemon to access smart cards, was vulnerable [More...]
- ------------------------------------------------------------------------
Debian Security Advisory DSA-2059-2                  security@debian.org
http://www.debian.org/security/                          Thijs Kinkhorst
July 04, 2010                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : pcsc-lite
Vulnerability  : buffer overflow
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2010-0407
Debian Bug     : 585791

The update for PCSCD caused a regression with some card readers. This
update corrects that regression. The full advisory is below for completeness.

It was discovered that PCSCD, a daemon to access smart cards, was vulnerable
to a buffer overflow allowing a local attacker to elevate his privileges
to root.

For the stable distribution (lenny), this problem has been fixed in version
1.4.102-1+lenny3.

For the unstable distribution (sid), this problem has been fixed in
version 1.5.4-1.

We recommend that you upgrade your pcsc-lite package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/p/pcsc-lite/pcsc-lite_1.4.102-1+lenny3.diff.gz
    Size/MD5 checksum:    13828 285de43499c85a65dbc7bb744456cdc3
  http://security.debian.org/pool/updates/main/p/pcsc-lite/pcsc-lite_1.4.102.orig.tar.gz
    Size/MD5 checksum:   643165 bcfa5dd5d76b3020f94b029da764d288
  http://security.debian.org/pool/updates/main/p/pcsc-lite/pcsc-lite_1.4.102-1+lenny3.dsc
    Size/MD5 checksum:     1269 1fa01b7a0892ea55070bae8b4848d3bb

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny3_alpha.deb
    Size/MD5 checksum:    44950 780ca1598eb55c3c67130a723efa78ee
  http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny3_alpha.deb
    Size/MD5 checksum:    84546 41204104d3dd517bbd4a619e06a88cce
  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny3_alpha.deb
    Size/MD5 checksum:    67508 a6bf09a9dd8373f38e953baf9e73af03

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny3_amd64.deb
    Size/MD5 checksum:    80530 2bfff370e36c4389e8676496aaf8f3b7
  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny3_amd64.deb
    Size/MD5 checksum:    44676 c39745aa3ca57f70f0faed74a86533a1
  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny3_amd64.deb
    Size/MD5 checksum:    60256 12ef70bfba02af26bea794adb54ef90e

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny3_arm.deb
    Size/MD5 checksum:    75290 42669c93dc040d19bf151b14aed554ed
  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny3_arm.deb
    Size/MD5 checksum:    56946 112454aa2a093558c507671e907f562f
  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny3_arm.deb
    Size/MD5 checksum:    42862 f251a5e5d25d84e9cc7ce937c6775d01

armel architecture (ARM EABI)

  http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny3_armel.deb
    Size/MD5 checksum:    76632 1c57e4f92562b742e45202879092c934
  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny3_armel.deb
    Size/MD5 checksum:    43438 253014c5fcbea1389f4002fc6e18e3d2
  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny3_armel.deb
    Size/MD5 checksum:    57168 5440a3dd4e0cf5e63e88b1f5f573788c

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny3_hppa.deb
    Size/MD5 checksum:    80860 b68205d0dc8fef71a1850edf784b8322
  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny3_hppa.deb
    Size/MD5 checksum:    61482 8c78521ba7033611c9a1d185d7f61415
  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny3_hppa.deb
    Size/MD5 checksum:    45040 64fb903ce0d1abd7ad0b07044bd196c9

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny3_i386.deb
    Size/MD5 checksum:    73410 24c881c568c9aef3935acfb356ee6bf9
  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny3_i386.deb
    Size/MD5 checksum:    55772 e2b358fffc22f759ca6e345b338fb3a5
  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny3_i386.deb
    Size/MD5 checksum:    42324 dba1d15d73d4bf49caaa75e4f2d25e1b

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny3_ia64.deb
    Size/MD5 checksum:    50612 c1d0e3bf39b037a0bb0dd8e8020d59e9
  http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny3_ia64.deb
    Size/MD5 checksum:   101390 deab3cf19af04a4404ded269595a4ba5
  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny3_ia64.deb
    Size/MD5 checksum:    68542 c10175aaa04e03c3df48445498501d3c

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny3_mips.deb
    Size/MD5 checksum:    62590 ed2e2b84d00cc796cf7b48cb6c6f905d
  http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny3_mips.deb
    Size/MD5 checksum:    80754 a9445c03bf8c0c065ce8ba195d04a354
  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny3_mips.deb
    Size/MD5 checksum:    43622 65a6748e029fb500a66e55d032b56fa5

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny3_mipsel.deb
    Size/MD5 checksum:    62534 2f87c8cd7a3fe8efa364be7122739eb8
  http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny3_mipsel.deb
    Size/MD5 checksum:    80666 813fc2a97c8eaaa6fe540cf52c060cbd
  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny3_mipsel.deb
    Size/MD5 checksum:    43440 49fbf492af48084b9675b7793e69ffd2

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny3_powerpc.deb
    Size/MD5 checksum:    46040 340099a0e5fcd28c271b002e2433d9c4
  http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny3_powerpc.deb
    Size/MD5 checksum:    81882 80aec47c8c0c682ef0c1ba55326eb81f
  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny3_powerpc.deb
    Size/MD5 checksum:    59842 c1f6d9fac30d2f70830080e4a0610cff

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny3_s390.deb
    Size/MD5 checksum:    58940 163447e99251236933f628053b45c257
  http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny3_s390.deb
    Size/MD5 checksum:    80056 9d083b5375ff6b4e599b6d7b55809f94
  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny3_s390.deb
    Size/MD5 checksum:    44802 76ec23d8546b2d0f7d8ca4529838fdf2

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny3_sparc.deb
    Size/MD5 checksum:    57104 a06dfb254e96515bdcc1b1212942d2ae
  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny3_sparc.deb
    Size/MD5 checksum:    41368 dd77f1acaa466847c040fbfe2466fa84
  http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny3_sparc.deb
    Size/MD5 checksum:    74580 995fbcfd9bd72eaf8bdd909545f22fe8


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Hackers encrypted the entire City of Detroit DataBase & demanded ransom of 2000 bitcoins ($803,500)
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.