Debian: DSA-2059-2: New pcsc-lite packages fix regression

    Date04 Jul 2010
    CategoryDebian
    39
    Posted ByLinuxSecurity Advisories
    The update for PCSCD caused a regression with some card readers. This update corrects that regression. The full advisory is below for completeness. It was discovered that PCSCD, a daemon to access smart cards, was vulnerable
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-2059-2                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                          Thijs Kinkhorst
    July 04, 2010                         http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : pcsc-lite
    Vulnerability  : buffer overflow
    Problem type   : local
    Debian-specific: no
    CVE Id(s)      : CVE-2010-0407
    Debian Bug     : 585791
    
    The update for PCSCD caused a regression with some card readers. This
    update corrects that regression. The full advisory is below for completeness.
    
    It was discovered that PCSCD, a daemon to access smart cards, was vulnerable
    to a buffer overflow allowing a local attacker to elevate his privileges
    to root.
    
    For the stable distribution (lenny), this problem has been fixed in version
    1.4.102-1+lenny3.
    
    For the unstable distribution (sid), this problem has been fixed in
    version 1.5.4-1.
    
    We recommend that you upgrade your pcsc-lite package.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/p/pcsc-lite/pcsc-lite_1.4.102-1+lenny3.diff.gz
        Size/MD5 checksum:    13828 285de43499c85a65dbc7bb744456cdc3
      http://security.debian.org/pool/updates/main/p/pcsc-lite/pcsc-lite_1.4.102.orig.tar.gz
        Size/MD5 checksum:   643165 bcfa5dd5d76b3020f94b029da764d288
      http://security.debian.org/pool/updates/main/p/pcsc-lite/pcsc-lite_1.4.102-1+lenny3.dsc
        Size/MD5 checksum:     1269 1fa01b7a0892ea55070bae8b4848d3bb
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny3_alpha.deb
        Size/MD5 checksum:    44950 780ca1598eb55c3c67130a723efa78ee
      http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny3_alpha.deb
        Size/MD5 checksum:    84546 41204104d3dd517bbd4a619e06a88cce
      http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny3_alpha.deb
        Size/MD5 checksum:    67508 a6bf09a9dd8373f38e953baf9e73af03
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny3_amd64.deb
        Size/MD5 checksum:    80530 2bfff370e36c4389e8676496aaf8f3b7
      http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny3_amd64.deb
        Size/MD5 checksum:    44676 c39745aa3ca57f70f0faed74a86533a1
      http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny3_amd64.deb
        Size/MD5 checksum:    60256 12ef70bfba02af26bea794adb54ef90e
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny3_arm.deb
        Size/MD5 checksum:    75290 42669c93dc040d19bf151b14aed554ed
      http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny3_arm.deb
        Size/MD5 checksum:    56946 112454aa2a093558c507671e907f562f
      http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny3_arm.deb
        Size/MD5 checksum:    42862 f251a5e5d25d84e9cc7ce937c6775d01
    
    armel architecture (ARM EABI)
    
      http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny3_armel.deb
        Size/MD5 checksum:    76632 1c57e4f92562b742e45202879092c934
      http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny3_armel.deb
        Size/MD5 checksum:    43438 253014c5fcbea1389f4002fc6e18e3d2
      http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny3_armel.deb
        Size/MD5 checksum:    57168 5440a3dd4e0cf5e63e88b1f5f573788c
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny3_hppa.deb
        Size/MD5 checksum:    80860 b68205d0dc8fef71a1850edf784b8322
      http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny3_hppa.deb
        Size/MD5 checksum:    61482 8c78521ba7033611c9a1d185d7f61415
      http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny3_hppa.deb
        Size/MD5 checksum:    45040 64fb903ce0d1abd7ad0b07044bd196c9
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny3_i386.deb
        Size/MD5 checksum:    73410 24c881c568c9aef3935acfb356ee6bf9
      http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny3_i386.deb
        Size/MD5 checksum:    55772 e2b358fffc22f759ca6e345b338fb3a5
      http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny3_i386.deb
        Size/MD5 checksum:    42324 dba1d15d73d4bf49caaa75e4f2d25e1b
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny3_ia64.deb
        Size/MD5 checksum:    50612 c1d0e3bf39b037a0bb0dd8e8020d59e9
      http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny3_ia64.deb
        Size/MD5 checksum:   101390 deab3cf19af04a4404ded269595a4ba5
      http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny3_ia64.deb
        Size/MD5 checksum:    68542 c10175aaa04e03c3df48445498501d3c
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny3_mips.deb
        Size/MD5 checksum:    62590 ed2e2b84d00cc796cf7b48cb6c6f905d
      http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny3_mips.deb
        Size/MD5 checksum:    80754 a9445c03bf8c0c065ce8ba195d04a354
      http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny3_mips.deb
        Size/MD5 checksum:    43622 65a6748e029fb500a66e55d032b56fa5
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny3_mipsel.deb
        Size/MD5 checksum:    62534 2f87c8cd7a3fe8efa364be7122739eb8
      http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny3_mipsel.deb
        Size/MD5 checksum:    80666 813fc2a97c8eaaa6fe540cf52c060cbd
      http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny3_mipsel.deb
        Size/MD5 checksum:    43440 49fbf492af48084b9675b7793e69ffd2
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny3_powerpc.deb
        Size/MD5 checksum:    46040 340099a0e5fcd28c271b002e2433d9c4
      http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny3_powerpc.deb
        Size/MD5 checksum:    81882 80aec47c8c0c682ef0c1ba55326eb81f
      http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny3_powerpc.deb
        Size/MD5 checksum:    59842 c1f6d9fac30d2f70830080e4a0610cff
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny3_s390.deb
        Size/MD5 checksum:    58940 163447e99251236933f628053b45c257
      http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny3_s390.deb
        Size/MD5 checksum:    80056 9d083b5375ff6b4e599b6d7b55809f94
      http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny3_s390.deb
        Size/MD5 checksum:    44802 76ec23d8546b2d0f7d8ca4529838fdf2
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny3_sparc.deb
        Size/MD5 checksum:    57104 a06dfb254e96515bdcc1b1212942d2ae
      http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny3_sparc.deb
        Size/MD5 checksum:    41368 dd77f1acaa466847c040fbfe2466fa84
      http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny3_sparc.deb
        Size/MD5 checksum:    74580 995fbcfd9bd72eaf8bdd909545f22fe8
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"24","type":"x","order":"1","pct":54.55,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":11.36,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"15","type":"x","order":"3","pct":34.09,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.