Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

Ubuntu 10.10 USN-1125-1 Moderate: PCSC-Lite Denial of Service

Calendar Apr 27, 2011 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service code execution Ubuntu pcsc-lite
PCSC-Lite could be made to crash or run programs if it accessed a special smart card. 
=========================================================================Ubuntu Security Notice USN-1125-1
April 27, 2011

pcsc-lite vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 9.10

Summary:

PCSC-Lite could be made to crash or run programs if it accessed a special
smart card.

Software Description:
- pcsc-lite: Middleware to access a smart card using PC/SC (development files)

Details:

Rafael Dominguez Vega discovered that PCSC-Lite incorrectly handled smart
cards with malformed ATR messages. An attacker having physical access
could exploit this with a special smart card and cause a denial of service
or execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.10:
  libpcsclite1                    1.5.5-3ubuntu2.1

Ubuntu 10.04 LTS:
  libpcsclite1                    1.5.3-1ubuntu4.2

Ubuntu 9.10:
  libpcsclite1                    1.5.3-1ubuntu1.2

After a standard system update you need to restart smart card applications
to make all the necessary changes.

References:
  CVE-2010-4531

Package Information:
  https://launchpad.net/ubuntu/+source/pcsc-lite/1.5.5-3ubuntu2.1
  https://launchpad.net/ubuntu/+source/pcsc-lite/1.5.3-1ubuntu4.2
  https://launchpad.net/ubuntu/+source/pcsc-lite/1.5.3-1ubuntu1.2

Ubuntu 10.10 USN-1125-1 Moderate: PCSC-Lite Denial of Service

ubuntu
Calendar Grey April 27, 2011
Dist Ubuntu Esm H88
The vulnerability in PCSC-Lite has the potential to halt systems or run arbitrary code during smart card access. Check the security update for detailed insights.
PCSC-Lite could be made to crash or run programs if it accessed a special smart card.

Summary

Topics%20covered

Topics Covered

security advisory denial of service code execution Ubuntu pcsc-lite

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 10.10: libpcsclite1 1.5.5-3ubuntu2.1 Ubuntu 10.04 LTS: libpcsclite1 1.5.3-1ubuntu4.2 Ubuntu 9.10: libpcsclite1 1.5.3-1ubuntu1.2 After a standard system update you need to restart smart card applications to make all the necessary changes.

References

CVE-2010-4531

Severity
important
Lowest
Low
Medium
High
Critical

April 27, 2011

Topics%20covered

Topics Covered

security advisory denial of service code execution Ubuntu pcsc-lite

Package Information

https://launchpad.net/ubuntu/+source/pcsc-lite/1.5.5-3ubuntu2.1 https://launchpad.net/ubuntu/+source/pcsc-lite/1.5.3-1ubuntu4.2 https://launchpad.net/ubuntu/+source/pcsc-lite/1.5.3-1ubuntu1.2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here