[USN-1125-1] PCSC-Lite vulnerability
--=-am2mdATbPfmTmxc2AM/k
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Ubuntu Security Notice USN-1125-1
April 27, 2011
pcsc-lite vulnerability
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 9.10
Summary:
PCSC-Lite could be made to crash or run programs if it accessed a special
smart card.
Software Description:
- pcsc-lite: Middleware to access a smart card using PC/SC (development fil=
es)
Details:
Rafael Dominguez Vega discovered that PCSC-Lite incorrectly handled smart
cards with malformed ATR messages. An attacker having physical access
could exploit this with a special smart card and cause a denial of service
or execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 10.10:
libpcsclite1 1.5.5-3ubuntu2.1
Ubuntu 10.04 LTS:
libpcsclite1 1.5.3-1ubuntu4.2
Ubuntu 9.10:
libpcsclite1 1.5.3-1ubuntu1.2
After a standard system update you need to restart smart card applications
to make all the necessary changes.
References:
CVE-2010-4531
Package Information:
https://launchpad.net/ubuntu/+source/pcsc-lite/1.5.5-3ubuntu2.1
https://launchpad.net/ubuntu/+source/pcsc-lite/1.5.3-1ubuntu4.2
https://launchpad.net/ubuntu/+source/pcsc-lite/1.5.3-1ubuntu1.2
--=-am2mdATbPfmTmxc2AM/k
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJNuH+dAAoJEGVp2FWnRL6T4TYP/A3rQIMctblGAsrbC4gAu0Sz
dhStq941aPNh7On81wyhiaDvYWGXRmwq7bHBH4TROE10ibm+4i6oUsKgTZu7AX7J
+AArbJgQMpDJZwW7obL2I/PzmODxRiuq0gZJvGyXsC5u+hXtlqv8DYfWMJDlXweq
UpU3gBpWhj1r7jJbKjrlj/sIoqzmoJs0fObZkVqHOFC+LOjVapsxo5S5y6vxlP0N
onh7VLa2vR0nZaCux6LpMkuh/EtARr3A8Paq3lXrFBrGnjOivnIpZYFHnZmnBkgx
ribmWkDVV/1Li8lDsOgF7QNI3ot+FaOA/qqz0x5IyDQR9/agWPguULegpZnDmN7H
z0EGmVi4g4FRTT9GV2yAkXwULksPvWzkVWcFAnq8RET316i8S7U/Qps0ptXGXpY0
j/OvgUs5/2ehdrhFIIYstkPiB9oLb3dopZluk7yOe3U9pqeevNW2bdqmg9r14elZ
0vXfklzaixbRaTpDfaZb+ebXZCU7TGV+BDotleGUcjGs1GaM76c97jXfc9wCWqIV
C/nL1SzHt+sxEb2c041IvJCQPWg2gfYatUtHSNnxTpXCTXzzZhCDziPJ0/bocfZJ
8mooOxPDfFtfMIvvAvBF9peosYn4/DiGkHaYcUEUsNVrEVTv3ZLF9VRmHwjpMVmh
hAeanqRFtSlNNMWC9909
=Bfdo
-----END PGP SIGNATURE-----
--=-am2mdATbPfmTmxc2AM/k--