Submit a story to LinuxSecurity!

Thanks very much for your interest in sharing your story with us. Our site is driven by users like you.

Post anonymously

Please also feel free to using our GPG key (found on our About page) or email us at This email address is being protected from spambots. You need JavaScript enabled to view it.

 

    Back

    Debian: DSA-2059-2: New pcsc-lite packages fix regression

    Date04 Jul 2010
    CategoryDebian
    39
    Posted ByLinuxSecurity Advisories
    The update for PCSCD caused a regression with some card readers. This update corrects that regression. The full advisory is below for completeness. It was discovered that PCSCD, a daemon to access smart cards, was vulnerable 
    
- ------------------------------------------------------------------------
Debian Security Advisory DSA-2059-2                  This email address is being protected from spambots. You need JavaScript enabled to view it.
http://www.debian.org/security/                          Thijs Kinkhorst
July 04, 2010                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : pcsc-lite
Vulnerability  : buffer overflow
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2010-0407
Debian Bug     : 585791

The update for PCSCD caused a regression with some card readers. This
update corrects that regression. The full advisory is below for completeness.

It was discovered that PCSCD, a daemon to access smart cards, was vulnerable
to a buffer overflow allowing a local attacker to elevate his privileges
to root.

For the stable distribution (lenny), this problem has been fixed in version
1.4.102-1+lenny3.

For the unstable distribution (sid), this problem has been fixed in
version 1.5.4-1.

We recommend that you upgrade your pcsc-lite package.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/p/pcsc-lite/pcsc-lite_1.4.102-1+lenny3.diff.gz
    Size/MD5 checksum:    13828 285de43499c85a65dbc7bb744456cdc3
  http://security.debian.org/pool/updates/main/p/pcsc-lite/pcsc-lite_1.4.102.orig.tar.gz
    Size/MD5 checksum:   643165 bcfa5dd5d76b3020f94b029da764d288
  http://security.debian.org/pool/updates/main/p/pcsc-lite/pcsc-lite_1.4.102-1+lenny3.dsc
    Size/MD5 checksum:     1269 1fa01b7a0892ea55070bae8b4848d3bb

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny3_alpha.deb
    Size/MD5 checksum:    44950 780ca1598eb55c3c67130a723efa78ee
  http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny3_alpha.deb
    Size/MD5 checksum:    84546 41204104d3dd517bbd4a619e06a88cce
  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny3_alpha.deb
    Size/MD5 checksum:    67508 a6bf09a9dd8373f38e953baf9e73af03

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny3_amd64.deb
    Size/MD5 checksum:    80530 2bfff370e36c4389e8676496aaf8f3b7
  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny3_amd64.deb
    Size/MD5 checksum:    44676 c39745aa3ca57f70f0faed74a86533a1
  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny3_amd64.deb
    Size/MD5 checksum:    60256 12ef70bfba02af26bea794adb54ef90e

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny3_arm.deb
    Size/MD5 checksum:    75290 42669c93dc040d19bf151b14aed554ed
  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny3_arm.deb
    Size/MD5 checksum:    56946 112454aa2a093558c507671e907f562f
  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny3_arm.deb
    Size/MD5 checksum:    42862 f251a5e5d25d84e9cc7ce937c6775d01

armel architecture (ARM EABI)

  http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny3_armel.deb
    Size/MD5 checksum:    76632 1c57e4f92562b742e45202879092c934
  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny3_armel.deb
    Size/MD5 checksum:    43438 253014c5fcbea1389f4002fc6e18e3d2
  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny3_armel.deb
    Size/MD5 checksum:    57168 5440a3dd4e0cf5e63e88b1f5f573788c

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny3_hppa.deb
    Size/MD5 checksum:    80860 b68205d0dc8fef71a1850edf784b8322
  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny3_hppa.deb
    Size/MD5 checksum:    61482 8c78521ba7033611c9a1d185d7f61415
  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny3_hppa.deb
    Size/MD5 checksum:    45040 64fb903ce0d1abd7ad0b07044bd196c9

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny3_i386.deb
    Size/MD5 checksum:    73410 24c881c568c9aef3935acfb356ee6bf9
  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny3_i386.deb
    Size/MD5 checksum:    55772 e2b358fffc22f759ca6e345b338fb3a5
  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny3_i386.deb
    Size/MD5 checksum:    42324 dba1d15d73d4bf49caaa75e4f2d25e1b

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny3_ia64.deb
    Size/MD5 checksum:    50612 c1d0e3bf39b037a0bb0dd8e8020d59e9
  http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny3_ia64.deb
    Size/MD5 checksum:   101390 deab3cf19af04a4404ded269595a4ba5
  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny3_ia64.deb
    Size/MD5 checksum:    68542 c10175aaa04e03c3df48445498501d3c

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny3_mips.deb
    Size/MD5 checksum:    62590 ed2e2b84d00cc796cf7b48cb6c6f905d
  http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny3_mips.deb
    Size/MD5 checksum:    80754 a9445c03bf8c0c065ce8ba195d04a354
  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny3_mips.deb
    Size/MD5 checksum:    43622 65a6748e029fb500a66e55d032b56fa5

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny3_mipsel.deb
    Size/MD5 checksum:    62534 2f87c8cd7a3fe8efa364be7122739eb8
  http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny3_mipsel.deb
    Size/MD5 checksum:    80666 813fc2a97c8eaaa6fe540cf52c060cbd
  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny3_mipsel.deb
    Size/MD5 checksum:    43440 49fbf492af48084b9675b7793e69ffd2

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny3_powerpc.deb
    Size/MD5 checksum:    46040 340099a0e5fcd28c271b002e2433d9c4
  http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny3_powerpc.deb
    Size/MD5 checksum:    81882 80aec47c8c0c682ef0c1ba55326eb81f
  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny3_powerpc.deb
    Size/MD5 checksum:    59842 c1f6d9fac30d2f70830080e4a0610cff

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny3_s390.deb
    Size/MD5 checksum:    58940 163447e99251236933f628053b45c257
  http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny3_s390.deb
    Size/MD5 checksum:    80056 9d083b5375ff6b4e599b6d7b55809f94
  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny3_s390.deb
    Size/MD5 checksum:    44802 76ec23d8546b2d0f7d8ca4529838fdf2

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny3_sparc.deb
    Size/MD5 checksum:    57104 a06dfb254e96515bdcc1b1212942d2ae
  http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny3_sparc.deb
    Size/MD5 checksum:    41368 dd77f1acaa466847c040fbfe2466fa84
  http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny3_sparc.deb
    Size/MD5 checksum:    74580 995fbcfd9bd72eaf8bdd909545f22fe8


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
Package info: `apt-cache show ' and http://packages.debian.org/

    Related News

    Secret Court Rules That the FBI’s “Backdoor Searches” of Americans Violated the Fourth Amendment
    Secret Court Rules That the FBI’s “Backdoor Searches” of Americans Violated the Fourth Amendment
    Germany's cyber-security agency recommends Firefox as most secure browser
    Germany's cyber-security agency recommends Firefox as most secure browser
    5 ways to contribute to open source during Hacktoberfest
    5 ways to contribute to open source during Hacktoberfest
    Linux Sudo Bug Lets Non-Privileged Users To Run Commands As Root
    Linux Sudo Bug Lets Non-Privileged Users To Run Commands As Root
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"24","type":"x","order":"1","pct":54.55,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":11.36,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"15","type":"x","order":"3","pct":34.09,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    SciLinux: SLSA-2019-3127-1 Important: java-11-openjdk on SL7.x x86_64
    Date17 Oct 2019 @ 07:44
    SciLinux: SLSA-2019-3128-1 Important: java-1.8.0-openjdk on SL7.x x86_64
    Date17 Oct 2019 @ 07:44
    openSUSE: 2019:2333-1: important: sudo
    Date17 Oct 2019 @ 07:10
    RedHat: RHSA-2019-3140:01 Important: Red Hat JBoss Data Virtualization
    Date17 Oct 2019 @ 06:55

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

    Learn More