
Security Advisory Moderate: pcsc-lite security and bug fix update

Advisory: RHSA-2013:0525-2
Type: Security Advisory
Severity: Moderate
Issued on: 2013-02-21
Last updated on: 2013-02-21
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2010-4531

Details

Updated pcsc-lite packages that fix one security issue and three bugs are
now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

PC/SC Lite provides a Windows SCard compatible interface for communicating
with smart cards, smart card readers, and other security tokens.

A stack-based buffer overflow flaw was found in the way pcsc-lite decoded
certain attribute values of Answer-to-Reset (ATR) messages. A local
attacker could use this flaw to execute arbitrary code with the privileges
of the user running the pcscd daemon (root, by default), by inserting a
specially-crafted smart card. (CVE-2010-4531)
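An added illustration of defensive ATR decoding, following the ISO/IEC 7816-3 layout: every count the card supplies is checked against the bytes actually received before anything is copied into a fixed-size buffer. This is not pcsc-lite's code or its patch; `atr_hist` and the sample ATRs are hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ATR_MAX_LEN  33  /* ISO/IEC 7816-3: TS plus at most 32 characters */
#define ATR_MAX_HIST 15  /* K, the historical-byte count, is a 4-bit field */

/* Constructed sample ATRs (not captured from real cards). */
static const uint8_t ATR_T0[]    = {0x3B, 0x13, 0x11, 'A', 'B', 'C'};  /* T=0, no TCK */
static const uint8_t ATR_T1[]    = {0x3B, 0x82, 0x01, 'O', 'K', 0x87}; /* T=1, valid TCK */
static const uint8_t ATR_SHORT[] = {0x3B, 0x0F, 'A', 'B'};             /* K=15, 2 bytes sent */
static const uint8_t ATR_NOIF[]  = {0x3B, 0xF0};                       /* TA1..TD1 announced, absent */

/* Hypothetical helper: copies the historical bytes into hist and returns
 * their count, or -1 if the ATR is malformed, truncated or oversized. */
int atr_hist(const uint8_t *atr, size_t len, uint8_t hist[ATR_MAX_HIST])
{
    if (!atr || !hist || len < 2 || len > ATR_MAX_LEN)
        return -1;
    if (atr[0] != 0x3B && atr[0] != 0x3F)   /* TS: direct or inverse convention */
        return -1;
    size_t  k = atr[1] & 0x0F;              /* T0 low nibble: historical bytes */
    uint8_t y = atr[1] & 0xF0;              /* T0 high nibble: TA1..TD1 present */
    size_t  pos = 2, tck = 0;
    while (y) {
        /* TA, TB, TC are announced by bits 0x10, 0x20, 0x40; TD by 0x80. */
        size_t n = ((y >> 4) & 1) + ((y >> 5) & 1) + ((y >> 6) & 1);
        if (n + (y >> 7) > len - pos)       /* validate before advancing */
            return -1;
        pos += n;
        if (!(y & 0x80))
            break;
        uint8_t td = atr[pos++];
        if (td & 0x0F)
            tck = 1;                        /* TCK is sent once T != 0 appears */
        y = td & 0xF0;
    }
    /* The card-supplied count k is checked against the bytes received. */
    if (len - pos != k + tck)
        return -1;                          /* truncated or trailing bytes */
    uint8_t x = 0;
    for (size_t i = 1; tck && i < len; i++)
        x ^= atr[i];                        /* XOR of T0..TCK must be zero */
    if (x != 0)
        return -1;
    memcpy(hist, atr + pos, k);             /* k <= 15 fits ATR_MAX_HIST */
    return (int)k;
}
```

The parser is deliberately strict: it rejects trailing bytes as well as truncation, so a reader that pads its ATR buffer needs the length trimmed before the call.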

This update also fixes the following bugs:

* Due to an error in the init script, the chkconfig utility did not
automatically place the pcscd init script after the start of the HAL
daemon. Consequently, the pcscd service did not start automatically at boot
time. With this update, the pcscd init script has been changed to
explicitly start only after HAL is up, thus fixing this bug. (BZ#788474,
BZ#814549)

* Because the chkconfig settings and the startup files in the /etc/rc.d/
directory were not changed during the update described in the
RHBA-2012:0990 advisory, the user had to update the chkconfig settings
manually to fix the problem. Now, the chkconfig settings and the startup
files in the /etc/rc.d/ directory are automatically updated as expected.
(BZ#834803)

* Previously, the SCardGetAttrib() function did not work properly and
always returned the "SCARD_E_INSUFFICIENT_BUFFER" error regardless of the
actual buffer size. This update applies a patch to fix this bug and the
SCardGetAttrib() function now works as expected. (BZ#891852)

All users of pcsc-lite are advised to upgrade to these updated packages,
which fix these issues. After installing this update, the pcscd daemon will
be restarted automatically.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
pcsc-lite-1.5.2-11.el6.src.rpm
File outdated by: RHBA-2013:0955

IA-32:
pcsc-lite-1.5.2-11.el6.i686.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-debuginfo-1.5.2-11.el6.i686.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-devel-1.5.2-11.el6.i686.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-doc-1.5.2-11.el6.i686.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-libs-1.5.2-11.el6.i686.rpm
File outdated by: RHBA-2013:0955

x86_64:
pcsc-lite-1.5.2-11.el6.x86_64.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-debuginfo-1.5.2-11.el6.i686.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-debuginfo-1.5.2-11.el6.x86_64.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-devel-1.5.2-11.el6.i686.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-devel-1.5.2-11.el6.x86_64.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-doc-1.5.2-11.el6.x86_64.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-libs-1.5.2-11.el6.i686.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-libs-1.5.2-11.el6.x86_64.rpm
File outdated by: RHBA-2013:0955
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
pcsc-lite-1.5.2-11.el6.src.rpm
File outdated by: RHBA-2013:0955

x86_64:
pcsc-lite-1.5.2-11.el6.x86_64.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-debuginfo-1.5.2-11.el6.i686.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-debuginfo-1.5.2-11.el6.x86_64.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-devel-1.5.2-11.el6.i686.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-devel-1.5.2-11.el6.x86_64.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-doc-1.5.2-11.el6.x86_64.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-libs-1.5.2-11.el6.i686.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-libs-1.5.2-11.el6.x86_64.rpm
File outdated by: RHBA-2013:0955
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
pcsc-lite-1.5.2-11.el6.src.rpm
File outdated by: RHBA-2013:0955

IA-32:
pcsc-lite-1.5.2-11.el6.i686.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-debuginfo-1.5.2-11.el6.i686.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-devel-1.5.2-11.el6.i686.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-doc-1.5.2-11.el6.i686.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-libs-1.5.2-11.el6.i686.rpm
File outdated by: RHBA-2013:0955

PPC:
pcsc-lite-1.5.2-11.el6.ppc64.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-debuginfo-1.5.2-11.el6.ppc.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-debuginfo-1.5.2-11.el6.ppc64.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-devel-1.5.2-11.el6.ppc.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-devel-1.5.2-11.el6.ppc64.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-doc-1.5.2-11.el6.ppc64.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-libs-1.5.2-11.el6.ppc.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-libs-1.5.2-11.el6.ppc64.rpm
File outdated by: RHBA-2013:0955

s390x:
pcsc-lite-1.5.2-11.el6.s390x.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-debuginfo-1.5.2-11.el6.s390.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-debuginfo-1.5.2-11.el6.s390x.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-devel-1.5.2-11.el6.s390.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-devel-1.5.2-11.el6.s390x.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-doc-1.5.2-11.el6.s390x.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-libs-1.5.2-11.el6.s390.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-libs-1.5.2-11.el6.s390x.rpm
File outdated by: RHBA-2013:0955

x86_64:
pcsc-lite-1.5.2-11.el6.x86_64.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-debuginfo-1.5.2-11.el6.i686.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-debuginfo-1.5.2-11.el6.x86_64.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-devel-1.5.2-11.el6.i686.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-devel-1.5.2-11.el6.x86_64.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-doc-1.5.2-11.el6.x86_64.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-libs-1.5.2-11.el6.i686.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-libs-1.5.2-11.el6.x86_64.rpm
File outdated by: RHBA-2013:0955
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
pcsc-lite-1.5.2-11.el6.src.rpm
File outdated by: RHBA-2013:0955

IA-32:
pcsc-lite-1.5.2-11.el6.i686.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-debuginfo-1.5.2-11.el6.i686.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-devel-1.5.2-11.el6.i686.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-doc-1.5.2-11.el6.i686.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-libs-1.5.2-11.el6.i686.rpm
File outdated by: RHBA-2013:0955

x86_64:
pcsc-lite-1.5.2-11.el6.x86_64.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-debuginfo-1.5.2-11.el6.i686.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-debuginfo-1.5.2-11.el6.x86_64.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-devel-1.5.2-11.el6.i686.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-devel-1.5.2-11.el6.x86_64.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-doc-1.5.2-11.el6.x86_64.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-libs-1.5.2-11.el6.i686.rpm
File outdated by: RHBA-2013:0955
pcsc-lite-libs-1.5.2-11.el6.x86_64.rpm
File outdated by: RHBA-2013:0955
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

664999 - CVE-2010-4531 pcsc-lite: Stack-based buffer overflow in Answer-to-Reset (ATR) decoder
834803 - Update of pcsc-lite does not fix problems addressed in BUG 812469
891852 - pcsc-lite: incorrect check in SCardGetAttrib and SCardSetAttrib handling


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/