[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1PeH4C-00032Q-9j@titan.mandriva.com>
Date: Sun, 16 Jan 2011 02:06:00 +0100
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2011:011 ] opensc
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:011
http://www.mandriva.com/security/
_______________________________________________________________________
Package : opensc
Date : January 15, 2011
Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in opensc:
Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13
and earlier allow physically proximate attackers to execute arbitrary
code via a long serial-number field on a smart card, related to
(1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c
(CVE-2010-4523).
Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4523
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
cd4ae835bea4c7ceada09592b1501e3c 2009.0/i586/libopensc2-0.11.7-0.2mdv2009.0.i586.rpm
cdf28b79c5876cecc44ef2ed59c05931 2009.0/i586/libopensc-devel-0.11.7-0.2mdv2009.0.i586.rpm
acd7df41cf928dd4a19e7552705b703d 2009.0/i586/mozilla-plugin-opensc-0.11.7-0.2mdv2009.0.i586.rpm
478e16642c40f8d1840e9585f93d65b9 2009.0/i586/opensc-0.11.7-0.2mdv2009.0.i586.rpm
db6ffb1846f25155142ed280091491e5 2009.0/SRPMS/opensc-0.11.7-0.2mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
0e3c89260c75f0c0fef79ede084e5527 2009.0/x86_64/lib64opensc2-0.11.7-0.2mdv2009.0.x86_64.rpm
f6482f439f01051c9918050ecdf0e7a1 2009.0/x86_64/lib64opensc-devel-0.11.7-0.2mdv2009.0.x86_64.rpm
f8fd40a89862e2845fb9468868e06356 2009.0/x86_64/mozilla-plugin-opensc-0.11.7-0.2mdv2009.0.x86_64.rpm
b9f0e6200de48e9fb6f8e3b0ff63bf9e 2009.0/x86_64/opensc-0.11.7-0.2mdv2009.0.x86_64.rpm
db6ffb1846f25155142ed280091491e5 2009.0/SRPMS/opensc-0.11.7-0.2mdv2009.0.src.rpm
Mandriva Linux 2010.0:
36f1b7a48e270da7e7f29f5ed39857f0 2010.0/i586/libopensc2-0.11.9-1.16mdv2010.0.i586.rpm
f924dc31967cf1d53d9ff33b4b9aca57 2010.0/i586/libopensc-devel-0.11.9-1.16mdv2010.0.i586.rpm
88aeaadfcd1815c8f707f91fb177940a 2010.0/i586/mozilla-plugin-opensc-0.11.9-1.16mdv2010.0.i586.rpm
6843d2adc5d35d8a576ecbda4836210a 2010.0/i586/opensc-0.11.9-1.16mdv2010.0.i586.rpm
dee3d3aea171adb5276536aa9c589b8b 2010.0/SRPMS/opensc-0.11.9-1.16mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
a21a04684e7492a6ac8e23d99241358d 2010.0/x86_64/lib64opensc2-0.11.9-1.16mdv2010.0.x86_64.rpm
aff7742435af0589061b5733716b7efc 2010.0/x86_64/lib64opensc-devel-0.11.9-1.16mdv2010.0.x86_64.rpm
31f266f76efc8e1764024a2342ad6db1 2010.0/x86_64/mozilla-plugin-opensc-0.11.9-1.16mdv2010.0.x86_64.rpm
424b595a302e6f950bd4e88af2a71949 2010.0/x86_64/opensc-0.11.9-1.16mdv2010.0.x86_64.rpm
dee3d3aea171adb5276536aa9c589b8b 2010.0/SRPMS/opensc-0.11.9-1.16mdv2010.0.src.rpm
Mandriva Linux 2010.1:
21cdc4dbd255057d296eaaa2af6b2b1a 2010.1/i586/libopensc2-0.11.13-1.1mdv2010.2.i586.rpm
19c974e30853dc9c62784d24feaf99f0 2010.1/i586/libopensc-devel-0.11.13-1.1mdv2010.2.i586.rpm
7d63db45080109e360e3920d5530c772 2010.1/i586/mozilla-plugin-opensc-0.11.13-1.1mdv2010.2.i586.rpm
cfb0435a224b16b4bb234ffa3ca04ed5 2010.1/i586/opensc-0.11.13-1.1mdv2010.2.i586.rpm
a135736103e66fb9006bfdd8ac7dc2c7 2010.1/SRPMS/opensc-0.11.13-1.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
c6ab89c8f2c4f25c607b0a0c5ca8f475 2010.1/x86_64/lib64opensc2-0.11.13-1.1mdv2010.2.x86_64.rpm
10169c1a73040b07d78960b2acad0b09 2010.1/x86_64/lib64opensc-devel-0.11.13-1.1mdv2010.2.x86_64.rpm
6de487ba79a50f11ad24b8179d77a130 2010.1/x86_64/mozilla-plugin-opensc-0.11.13-1.1mdv2010.2.x86_64.rpm
079280aeadbb200384064adc56d39c3b 2010.1/x86_64/opensc-0.11.13-1.1mdv2010.2.x86_64.rpm
a135736103e66fb9006bfdd8ac7dc2c7 2010.1/SRPMS/opensc-0.11.13-1.1mdv2010.2.src.rpm
Corporate 4.0:
0d604665f181f4e1a517445feb2ff274 corporate/4.0/i586/libopensc2-0.10.1-2.3.20060mlcs4.i586.rpm
c6c1b330c587df19569ee060a9d0bf78 corporate/4.0/i586/libopensc2-devel-0.10.1-2.3.20060mlcs4.i586.rpm
313b08e5740ecad7bbf95fee5d887832 corporate/4.0/i586/mozilla-plugin-opensc-0.10.1-2.3.20060mlcs4.i586.rpm
59e65988a4c63e5b5cc8de751d29efc8 corporate/4.0/i586/opensc-0.10.1-2.3.20060mlcs4.i586.rpm
b56f781b3414bccf788f103b6bffa74e corporate/4.0/SRPMS/opensc-0.10.1-2.3.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
3037d4cb7139d0f6b8bb0ae2196a19c4 corporate/4.0/x86_64/lib64opensc2-0.10.1-2.3.20060mlcs4.x86_64.rpm
3349b74c946d7522a31c47aceaf992d2 corporate/4.0/x86_64/lib64opensc2-devel-0.10.1-2.3.20060mlcs4.x86_64.rpm
4bedf6cbffc9d2e3c203ea17080179d0 corporate/4.0/x86_64/mozilla-plugin-opensc-0.10.1-2.3.20060mlcs4.x86_64.rpm
c0e30a5ef8fccc2e9b1103005f85df5d corporate/4.0/x86_64/opensc-0.10.1-2.3.20060mlcs4.x86_64.rpm
b56f781b3414bccf788f103b6bffa74e corporate/4.0/SRPMS/opensc-0.10.1-2.3.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFNMhUNmqjQ0CJFipgRAg4wAKDV4MTrqF6I4RmxVkmMK4v+2XsK0gCgvAYM
Xlg88LIj22On0l1meyG6ObY=
=n1la
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists