lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1PeH4C-00032Q-9j@titan.mandriva.com>
Date: Sun, 16 Jan 2011 02:06:00 +0100
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDVSA-2011:011 ] opensc

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:011
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : opensc
 Date    : January 15, 2011
 Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in opensc:
 
 Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13
 and earlier allow physically proximate attackers to execute arbitrary
 code via a long serial-number field on a smart card, related to
 (1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c
 (CVE-2010-4523).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4523
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 cd4ae835bea4c7ceada09592b1501e3c  2009.0/i586/libopensc2-0.11.7-0.2mdv2009.0.i586.rpm
 cdf28b79c5876cecc44ef2ed59c05931  2009.0/i586/libopensc-devel-0.11.7-0.2mdv2009.0.i586.rpm
 acd7df41cf928dd4a19e7552705b703d  2009.0/i586/mozilla-plugin-opensc-0.11.7-0.2mdv2009.0.i586.rpm
 478e16642c40f8d1840e9585f93d65b9  2009.0/i586/opensc-0.11.7-0.2mdv2009.0.i586.rpm 
 db6ffb1846f25155142ed280091491e5  2009.0/SRPMS/opensc-0.11.7-0.2mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 0e3c89260c75f0c0fef79ede084e5527  2009.0/x86_64/lib64opensc2-0.11.7-0.2mdv2009.0.x86_64.rpm
 f6482f439f01051c9918050ecdf0e7a1  2009.0/x86_64/lib64opensc-devel-0.11.7-0.2mdv2009.0.x86_64.rpm
 f8fd40a89862e2845fb9468868e06356  2009.0/x86_64/mozilla-plugin-opensc-0.11.7-0.2mdv2009.0.x86_64.rpm
 b9f0e6200de48e9fb6f8e3b0ff63bf9e  2009.0/x86_64/opensc-0.11.7-0.2mdv2009.0.x86_64.rpm 
 db6ffb1846f25155142ed280091491e5  2009.0/SRPMS/opensc-0.11.7-0.2mdv2009.0.src.rpm

 Mandriva Linux 2010.0:
 36f1b7a48e270da7e7f29f5ed39857f0  2010.0/i586/libopensc2-0.11.9-1.16mdv2010.0.i586.rpm
 f924dc31967cf1d53d9ff33b4b9aca57  2010.0/i586/libopensc-devel-0.11.9-1.16mdv2010.0.i586.rpm
 88aeaadfcd1815c8f707f91fb177940a  2010.0/i586/mozilla-plugin-opensc-0.11.9-1.16mdv2010.0.i586.rpm
 6843d2adc5d35d8a576ecbda4836210a  2010.0/i586/opensc-0.11.9-1.16mdv2010.0.i586.rpm 
 dee3d3aea171adb5276536aa9c589b8b  2010.0/SRPMS/opensc-0.11.9-1.16mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 a21a04684e7492a6ac8e23d99241358d  2010.0/x86_64/lib64opensc2-0.11.9-1.16mdv2010.0.x86_64.rpm
 aff7742435af0589061b5733716b7efc  2010.0/x86_64/lib64opensc-devel-0.11.9-1.16mdv2010.0.x86_64.rpm
 31f266f76efc8e1764024a2342ad6db1  2010.0/x86_64/mozilla-plugin-opensc-0.11.9-1.16mdv2010.0.x86_64.rpm
 424b595a302e6f950bd4e88af2a71949  2010.0/x86_64/opensc-0.11.9-1.16mdv2010.0.x86_64.rpm 
 dee3d3aea171adb5276536aa9c589b8b  2010.0/SRPMS/opensc-0.11.9-1.16mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 21cdc4dbd255057d296eaaa2af6b2b1a  2010.1/i586/libopensc2-0.11.13-1.1mdv2010.2.i586.rpm
 19c974e30853dc9c62784d24feaf99f0  2010.1/i586/libopensc-devel-0.11.13-1.1mdv2010.2.i586.rpm
 7d63db45080109e360e3920d5530c772  2010.1/i586/mozilla-plugin-opensc-0.11.13-1.1mdv2010.2.i586.rpm
 cfb0435a224b16b4bb234ffa3ca04ed5  2010.1/i586/opensc-0.11.13-1.1mdv2010.2.i586.rpm 
 a135736103e66fb9006bfdd8ac7dc2c7  2010.1/SRPMS/opensc-0.11.13-1.1mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 c6ab89c8f2c4f25c607b0a0c5ca8f475  2010.1/x86_64/lib64opensc2-0.11.13-1.1mdv2010.2.x86_64.rpm
 10169c1a73040b07d78960b2acad0b09  2010.1/x86_64/lib64opensc-devel-0.11.13-1.1mdv2010.2.x86_64.rpm
 6de487ba79a50f11ad24b8179d77a130  2010.1/x86_64/mozilla-plugin-opensc-0.11.13-1.1mdv2010.2.x86_64.rpm
 079280aeadbb200384064adc56d39c3b  2010.1/x86_64/opensc-0.11.13-1.1mdv2010.2.x86_64.rpm 
 a135736103e66fb9006bfdd8ac7dc2c7  2010.1/SRPMS/opensc-0.11.13-1.1mdv2010.2.src.rpm

 Corporate 4.0:
 0d604665f181f4e1a517445feb2ff274  corporate/4.0/i586/libopensc2-0.10.1-2.3.20060mlcs4.i586.rpm
 c6c1b330c587df19569ee060a9d0bf78  corporate/4.0/i586/libopensc2-devel-0.10.1-2.3.20060mlcs4.i586.rpm
 313b08e5740ecad7bbf95fee5d887832  corporate/4.0/i586/mozilla-plugin-opensc-0.10.1-2.3.20060mlcs4.i586.rpm
 59e65988a4c63e5b5cc8de751d29efc8  corporate/4.0/i586/opensc-0.10.1-2.3.20060mlcs4.i586.rpm 
 b56f781b3414bccf788f103b6bffa74e  corporate/4.0/SRPMS/opensc-0.10.1-2.3.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 3037d4cb7139d0f6b8bb0ae2196a19c4  corporate/4.0/x86_64/lib64opensc2-0.10.1-2.3.20060mlcs4.x86_64.rpm
 3349b74c946d7522a31c47aceaf992d2  corporate/4.0/x86_64/lib64opensc2-devel-0.10.1-2.3.20060mlcs4.x86_64.rpm
 4bedf6cbffc9d2e3c203ea17080179d0  corporate/4.0/x86_64/mozilla-plugin-opensc-0.10.1-2.3.20060mlcs4.x86_64.rpm
 c0e30a5ef8fccc2e9b1103005f85df5d  corporate/4.0/x86_64/opensc-0.10.1-2.3.20060mlcs4.x86_64.rpm 
 b56f781b3414bccf788f103b6bffa74e  corporate/4.0/SRPMS/opensc-0.10.1-2.3.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNMhUNmqjQ0CJFipgRAg4wAKDV4MTrqF6I4RmxVkmMK4v+2XsK0gCgvAYM
Xlg88LIj22On0l1meyG6ObY=
=n1la
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ