Moderate: pcsc-lite security and bug fix update
| Advisory: | RHSA-2013:0525-2 |
|---|---|
| Type: | Security Advisory |
| Severity: | Moderate |
| Issued on: | 2013-02-21 |
| Last updated on: | 2013-02-21 |
| Affected Products: | Red Hat Enterprise Linux Desktop (v. 6); Red Hat Enterprise Linux HPC Node (v. 6); Red Hat Enterprise Linux Server (v. 6); Red Hat Enterprise Linux Workstation (v. 6) |
| CVEs (cve.mitre.org): | CVE-2010-4531 |
Details
Updated pcsc-lite packages that fix one security issue and three bugs are
now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
PC/SC Lite provides a Windows SCard compatible interface for communicating
with smart cards, smart card readers, and other security tokens.
A stack-based buffer overflow flaw was found in the way pcsc-lite decoded
certain attribute values of Answer-to-Reset (ATR) messages. A local
attacker could use this flaw to execute arbitrary code with the privileges
of the user running the pcscd daemon (root, by default), by inserting a
specially-crafted smart card. (CVE-2010-4531)
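
The advisory does not show the flawed decoder. The following is an added example, not pcsc-lite code: a bounds-checked ATR parser that follows the ISO/IEC 7816-3 layout and validates every count supplied by the card against the bytes actually received before copying. The names `atr_parse`, `struct atr_info`, `ATR_MAX` and `HIST_MAX` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ATR_MAX  33  /* longest ATR allowed by ISO/IEC 7816-3 */
#define HIST_MAX 15  /* K is a 4-bit field: at most 15 historical bytes */

struct atr_info {            /* hypothetical result structure */
    uint8_t  hist[HIST_MAX]; /* historical bytes copied from the card */
    size_t   hist_len;
    unsigned protocols;      /* bit n set = card offers protocol T=n */
};

/* Returns 0 on success, -1 if the ATR is malformed or truncated.
 * The optional TCK check byte is not verified here. */
int atr_parse(const uint8_t *atr, size_t len, struct atr_info *out)
{
    size_t pos = 2, k;
    unsigned y, bit;

    if (atr == NULL || out == NULL)
        return -1;
    memset(out, 0, sizeof *out);
    if (len < 2 || len > ATR_MAX)
        return -1;
    if (atr[0] != 0x3B && atr[0] != 0x3F)   /* TS: direct or inverse */
        return -1;
    y = atr[1] >> 4;      /* T0 high nibble: which of TA1..TD1 follow */
    k = atr[1] & 0x0F;    /* T0 low nibble: historical byte count */

    while (y != 0) {
        for (bit = 1; bit <= 4; bit <<= 1)  /* skip TAi, TBi, TCi */
            if ((y & bit) && pos++ >= len)
                return -1;                  /* announced byte is missing */
        if (!(y & 8))
            break;                          /* no TDi: last group */
        if (pos >= len)
            return -1;
        out->protocols |= 1u << (atr[pos] & 0x0F);
        y = atr[pos++] >> 4;                /* TDi announces next group */
    }
    if (out->protocols == 0)
        out->protocols = 1;                 /* T=0 is implied */
    /* Card-supplied count checked against the bytes actually received. */
    if (k > len - pos)
        return -1;
    memcpy(out->hist, atr + pos, k);
    out->hist_len = k;
    return 0;
}
```
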
This update also fixes the following bugs:
* Due to an error in the init script, the chkconfig utility did not
automatically place the pcscd init script after the start of the HAL
daemon. Consequently, the pcscd service did not start automatically at boot
time. With this update, the pcscd init script has been changed to
explicitly start only after HAL is up, thus fixing this bug. (BZ#788474,
BZ#814549)
* Because the chkconfig settings and the startup files in the /etc/rc.d/
directory were not changed during the update described in the
RHBA-2012:0990 advisory, the user had to update the chkconfig settings
manually to fix the problem. Now, the chkconfig settings and the startup
files in the /etc/rc.d/ directory are automatically updated as expected.
(BZ#834803)
* Previously, the SCardGetAttrib() function did not work properly and
always returned the "SCARD_E_INSUFFICIENT_BUFFER" error regardless of the
actual buffer size. This update applies a patch to fix this bug and the
SCardGetAttrib() function now works as expected. (BZ#891852)
All users of pcsc-lite are advised to upgrade to these updated packages,
which fix these issues. After installing this update, the pcscd daemon will
be restarted automatically.
Solution
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
Updated packages
| Red Hat Enterprise Linux Desktop (v. 6) | |
| SRPMS: | |
| pcsc-lite-1.5.2-11.el6.src.rpm | MD5: db44ac9f0ca9ab53b9d4b0da3d8ceb96 SHA-256: 584fb653bfa69729e7214b876ffe179fb43956aad7d631e6ca68e813de39ab33 |
| IA-32: | |
| pcsc-lite-1.5.2-11.el6.i686.rpm | MD5: 4d93d2db3d34bfd725691d4a8248315a SHA-256: c0920421b7961d7024cc82c4f6f233068933eee8ac32cf72fcdb033627739683 |
| pcsc-lite-debuginfo-1.5.2-11.el6.i686.rpm | MD5: a85fcc4033f7722a01f19b124cdabc1d SHA-256: 3fa8cb93b81fa5186328bf49887ecbf55e53aa9d176231fbdfd6dcb81b64f9a4 |
| pcsc-lite-devel-1.5.2-11.el6.i686.rpm | MD5: fd87217e068e7433352ddaa8d5c3dc38 SHA-256: 0d41a1c46282ef2f406f1264e5051c04866cc0f0c328c3962eb82bbc64c0b9f7 |
| pcsc-lite-doc-1.5.2-11.el6.i686.rpm | MD5: ab18fac2a8c4c4dc43350cd70c0b7fdb SHA-256: c34338321753b97acb2d43bf71fdb5f4f168a86367af6188f1174f91c9114d8f |
| pcsc-lite-libs-1.5.2-11.el6.i686.rpm | MD5: 7eed4bd282bf24b3e63b9802798502bb SHA-256: 0b6047ad4aad8b00b823e142cdbabbf0f06af886648ca1cb945773cd6ac8e781 |
| x86_64: | |
| pcsc-lite-1.5.2-11.el6.x86_64.rpm | MD5: 49ae1ab2bbe2721541f5780fc76e8000 SHA-256: ff78f9ba74b945cb07bc7d8d786566ee96be1de67b59b33539419de049b5826b |
| pcsc-lite-debuginfo-1.5.2-11.el6.i686.rpm | MD5: a85fcc4033f7722a01f19b124cdabc1d SHA-256: 3fa8cb93b81fa5186328bf49887ecbf55e53aa9d176231fbdfd6dcb81b64f9a4 |
| pcsc-lite-debuginfo-1.5.2-11.el6.x86_64.rpm | MD5: 6b473ecde9c6bc1bee7c175638555d5c SHA-256: ca6ba1dbf7bcad4baf2bf1340885f60036b29353f47664b53a3c6e112c911a5a |
| pcsc-lite-devel-1.5.2-11.el6.i686.rpm | MD5: fd87217e068e7433352ddaa8d5c3dc38 SHA-256: 0d41a1c46282ef2f406f1264e5051c04866cc0f0c328c3962eb82bbc64c0b9f7 |
| pcsc-lite-devel-1.5.2-11.el6.x86_64.rpm | MD5: a38ba6c0158174b0309bb482496afc96 SHA-256: 6cd284a2a1f7df0d7c4782c02cf7a5710c38ba99b32cc02d4937b9da484592a5 |
| pcsc-lite-doc-1.5.2-11.el6.x86_64.rpm | MD5: ffa0336a42249a7c9c85ce517c076875 SHA-256: 90bf7384cfbaf20a333cccbbb28fdf3ac764aac263ba98f3ddd6d8776782c066 |
| pcsc-lite-libs-1.5.2-11.el6.i686.rpm | MD5: 7eed4bd282bf24b3e63b9802798502bb SHA-256: 0b6047ad4aad8b00b823e142cdbabbf0f06af886648ca1cb945773cd6ac8e781 |
| pcsc-lite-libs-1.5.2-11.el6.x86_64.rpm | MD5: e16fe54f235a837cc858d5e22bb8884e SHA-256: e35b702eba52cbe8e09725620a6f032dbc446be3eaf3db5faf2dd5a5a9575741 |
| Red Hat Enterprise Linux HPC Node (v. 6) | |
| SRPMS: | |
| pcsc-lite-1.5.2-11.el6.src.rpm | MD5: db44ac9f0ca9ab53b9d4b0da3d8ceb96 SHA-256: 584fb653bfa69729e7214b876ffe179fb43956aad7d631e6ca68e813de39ab33 |
| x86_64: | |
| pcsc-lite-1.5.2-11.el6.x86_64.rpm | MD5: 49ae1ab2bbe2721541f5780fc76e8000 SHA-256: ff78f9ba74b945cb07bc7d8d786566ee96be1de67b59b33539419de049b5826b |
| pcsc-lite-debuginfo-1.5.2-11.el6.i686.rpm | MD5: a85fcc4033f7722a01f19b124cdabc1d SHA-256: 3fa8cb93b81fa5186328bf49887ecbf55e53aa9d176231fbdfd6dcb81b64f9a4 |
| pcsc-lite-debuginfo-1.5.2-11.el6.x86_64.rpm | MD5: 6b473ecde9c6bc1bee7c175638555d5c SHA-256: ca6ba1dbf7bcad4baf2bf1340885f60036b29353f47664b53a3c6e112c911a5a |
| pcsc-lite-devel-1.5.2-11.el6.i686.rpm | MD5: fd87217e068e7433352ddaa8d5c3dc38 SHA-256: 0d41a1c46282ef2f406f1264e5051c04866cc0f0c328c3962eb82bbc64c0b9f7 |
| pcsc-lite-devel-1.5.2-11.el6.x86_64.rpm | MD5: a38ba6c0158174b0309bb482496afc96 SHA-256: 6cd284a2a1f7df0d7c4782c02cf7a5710c38ba99b32cc02d4937b9da484592a5 |
| pcsc-lite-doc-1.5.2-11.el6.x86_64.rpm | MD5: ffa0336a42249a7c9c85ce517c076875 SHA-256: 90bf7384cfbaf20a333cccbbb28fdf3ac764aac263ba98f3ddd6d8776782c066 |
| pcsc-lite-libs-1.5.2-11.el6.i686.rpm | MD5: 7eed4bd282bf24b3e63b9802798502bb SHA-256: 0b6047ad4aad8b00b823e142cdbabbf0f06af886648ca1cb945773cd6ac8e781 |
| pcsc-lite-libs-1.5.2-11.el6.x86_64.rpm | MD5: e16fe54f235a837cc858d5e22bb8884e SHA-256: e35b702eba52cbe8e09725620a6f032dbc446be3eaf3db5faf2dd5a5a9575741 |
| Red Hat Enterprise Linux Server (v. 6) | |
| SRPMS: | |
| pcsc-lite-1.5.2-11.el6.src.rpm | MD5: db44ac9f0ca9ab53b9d4b0da3d8ceb96 SHA-256: 584fb653bfa69729e7214b876ffe179fb43956aad7d631e6ca68e813de39ab33 |
| IA-32: | |
| pcsc-lite-1.5.2-11.el6.i686.rpm | MD5: 4d93d2db3d34bfd725691d4a8248315a SHA-256: c0920421b7961d7024cc82c4f6f233068933eee8ac32cf72fcdb033627739683 |
| pcsc-lite-debuginfo-1.5.2-11.el6.i686.rpm | MD5: a85fcc4033f7722a01f19b124cdabc1d SHA-256: 3fa8cb93b81fa5186328bf49887ecbf55e53aa9d176231fbdfd6dcb81b64f9a4 |
| pcsc-lite-devel-1.5.2-11.el6.i686.rpm | MD5: fd87217e068e7433352ddaa8d5c3dc38 SHA-256: 0d41a1c46282ef2f406f1264e5051c04866cc0f0c328c3962eb82bbc64c0b9f7 |
| pcsc-lite-doc-1.5.2-11.el6.i686.rpm | MD5: ab18fac2a8c4c4dc43350cd70c0b7fdb SHA-256: c34338321753b97acb2d43bf71fdb5f4f168a86367af6188f1174f91c9114d8f |
| pcsc-lite-libs-1.5.2-11.el6.i686.rpm | MD5: 7eed4bd282bf24b3e63b9802798502bb SHA-256: 0b6047ad4aad8b00b823e142cdbabbf0f06af886648ca1cb945773cd6ac8e781 |
| PPC: | |
| pcsc-lite-1.5.2-11.el6.ppc64.rpm | MD5: 80ae09e27b9cc045f354d4747e05863c SHA-256: 0db707d947a898e7380240fdb1325d2e194e6d0fbad5493048e50f6ca3422647 |
| pcsc-lite-debuginfo-1.5.2-11.el6.ppc.rpm | MD5: bf76ed0ef7da6eaaf38809cfb3c02841 SHA-256: df80f7872759a1ab2abe63d833e02b4c803223af8bc74b94c2625bc8295dc94e |
| pcsc-lite-debuginfo-1.5.2-11.el6.ppc64.rpm | MD5: d87b944e6fc9950105a0405c99e583d2 SHA-256: cf9898fdf1ea071f94dfa673173e79dd22a1e451ab1107538935916cd6fb0e7e |
| pcsc-lite-devel-1.5.2-11.el6.ppc.rpm | MD5: d5bf6d7a9a07f46f8c78f37c5f08c874 SHA-256: ec2aa93552fff63b1c433cf943687db7d2eec377676da9b97e86a3227e48c81e |
| pcsc-lite-devel-1.5.2-11.el6.ppc64.rpm | MD5: 4883c1691746a853b3175f0631d34f14 SHA-256: 5d38e834b2a4be634de1100dbc4266d4aecaa0c24d511f338fa304ea413e6561 |
| pcsc-lite-doc-1.5.2-11.el6.ppc64.rpm | MD5: 37b088b1de626d3e6038b0dc50899502 SHA-256: ab23bb8205b5478ae2c037c80d8ef80fe1f42cbe5168b21cd5d35a066a650d11 |
| pcsc-lite-libs-1.5.2-11.el6.ppc.rpm | MD5: 02e906c996df0d8d2fa8abad76991d83 SHA-256: b2ffe7fc009ddadba69ff303ec8d9739855ad1717aa0f9a6682c642ae587df12 |
| pcsc-lite-libs-1.5.2-11.el6.ppc64.rpm | MD5: 78a9d8e508371db0bce5362f270a376c SHA-256: 7a482c6ff2f852e2d0737d353d6cb73caafd20e859412178ecd4f2981d84153b |
| s390x: | |
| pcsc-lite-1.5.2-11.el6.s390x.rpm | MD5: a4f4ddff9ecfa97d39e3b1a0b4e1deff SHA-256: 4590f3f7f42d67f1f2392ea9102d6733edc6918ecdae02dfdfea7d33512e53fa |
| pcsc-lite-debuginfo-1.5.2-11.el6.s390.rpm | MD5: 2604849b1f7f3fd50d3b4615a83a30a9 SHA-256: 26aa0d3ec37f35c427673230358abec2f2bca408b864de706179d4e209d41618 |
| pcsc-lite-debuginfo-1.5.2-11.el6.s390x.rpm | MD5: d6d8d7c06eb9dce9cac57aa716a3c763 SHA-256: 2cd4ed37a40517723510ed34280a0ed135696350b62e625aa17aef8f910649cd |
| pcsc-lite-devel-1.5.2-11.el6.s390.rpm | MD5: 284897ce96d3eb80597d5da8c410518c SHA-256: 6de7ed628c347c37b7347c2b89d2670023ea8ab2a4aa3e721b214fc1578070ac |
| pcsc-lite-devel-1.5.2-11.el6.s390x.rpm | MD5: 0a7a287b2d70bae1a5f93fe212f6ec1b SHA-256: 7a0152b8fd618a5e4627fc82fe61e5496558d29205739c2ebb2b171e3f4b05a2 |
| pcsc-lite-doc-1.5.2-11.el6.s390x.rpm | MD5: 635bec87d990f8f18d669a14cb2410cb SHA-256: c4c305d243611152cce54b758d5cbca7c6b0f39804c6d7198b8daaba69538ad8 |
| pcsc-lite-libs-1.5.2-11.el6.s390.rpm | MD5: a584241f0f6435e67f834492ed46690e SHA-256: 3921e5b6ce79429c5f65621447cf43f1d01a562e40106f9a5eb60cea00d67b46 |
| pcsc-lite-libs-1.5.2-11.el6.s390x.rpm | MD5: 15fa914ff52e23f990b549f1df6bb822 SHA-256: cb4a73d4601e86fe383565d14670ec1dc9d90f1da0674d019dff6d7d21aa5e87 |
| x86_64: | |
| pcsc-lite-1.5.2-11.el6.x86_64.rpm | MD5: 49ae1ab2bbe2721541f5780fc76e8000 SHA-256: ff78f9ba74b945cb07bc7d8d786566ee96be1de67b59b33539419de049b5826b |
| pcsc-lite-debuginfo-1.5.2-11.el6.i686.rpm | MD5: a85fcc4033f7722a01f19b124cdabc1d SHA-256: 3fa8cb93b81fa5186328bf49887ecbf55e53aa9d176231fbdfd6dcb81b64f9a4 |
| pcsc-lite-debuginfo-1.5.2-11.el6.x86_64.rpm | MD5: 6b473ecde9c6bc1bee7c175638555d5c SHA-256: ca6ba1dbf7bcad4baf2bf1340885f60036b29353f47664b53a3c6e112c911a5a |
| pcsc-lite-devel-1.5.2-11.el6.i686.rpm | MD5: fd87217e068e7433352ddaa8d5c3dc38 SHA-256: 0d41a1c46282ef2f406f1264e5051c04866cc0f0c328c3962eb82bbc64c0b9f7 |
| pcsc-lite-devel-1.5.2-11.el6.x86_64.rpm | MD5: a38ba6c0158174b0309bb482496afc96 SHA-256: 6cd284a2a1f7df0d7c4782c02cf7a5710c38ba99b32cc02d4937b9da484592a5 |
| pcsc-lite-doc-1.5.2-11.el6.x86_64.rpm | MD5: ffa0336a42249a7c9c85ce517c076875 SHA-256: 90bf7384cfbaf20a333cccbbb28fdf3ac764aac263ba98f3ddd6d8776782c066 |
| pcsc-lite-libs-1.5.2-11.el6.i686.rpm | MD5: 7eed4bd282bf24b3e63b9802798502bb SHA-256: 0b6047ad4aad8b00b823e142cdbabbf0f06af886648ca1cb945773cd6ac8e781 |
| pcsc-lite-libs-1.5.2-11.el6.x86_64.rpm | MD5: e16fe54f235a837cc858d5e22bb8884e SHA-256: e35b702eba52cbe8e09725620a6f032dbc446be3eaf3db5faf2dd5a5a9575741 |
| Red Hat Enterprise Linux Workstation (v. 6) | |
| SRPMS: | |
| pcsc-lite-1.5.2-11.el6.src.rpm | MD5: db44ac9f0ca9ab53b9d4b0da3d8ceb96 SHA-256: 584fb653bfa69729e7214b876ffe179fb43956aad7d631e6ca68e813de39ab33 |
| IA-32: | |
| pcsc-lite-1.5.2-11.el6.i686.rpm | MD5: 4d93d2db3d34bfd725691d4a8248315a SHA-256: c0920421b7961d7024cc82c4f6f233068933eee8ac32cf72fcdb033627739683 |
| pcsc-lite-debuginfo-1.5.2-11.el6.i686.rpm | MD5: a85fcc4033f7722a01f19b124cdabc1d SHA-256: 3fa8cb93b81fa5186328bf49887ecbf55e53aa9d176231fbdfd6dcb81b64f9a4 |
| pcsc-lite-devel-1.5.2-11.el6.i686.rpm | MD5: fd87217e068e7433352ddaa8d5c3dc38 SHA-256: 0d41a1c46282ef2f406f1264e5051c04866cc0f0c328c3962eb82bbc64c0b9f7 |
| pcsc-lite-doc-1.5.2-11.el6.i686.rpm | MD5: ab18fac2a8c4c4dc43350cd70c0b7fdb SHA-256: c34338321753b97acb2d43bf71fdb5f4f168a86367af6188f1174f91c9114d8f |
| pcsc-lite-libs-1.5.2-11.el6.i686.rpm | MD5: 7eed4bd282bf24b3e63b9802798502bb SHA-256: 0b6047ad4aad8b00b823e142cdbabbf0f06af886648ca1cb945773cd6ac8e781 |
| x86_64: | |
| pcsc-lite-1.5.2-11.el6.x86_64.rpm | MD5: 49ae1ab2bbe2721541f5780fc76e8000 SHA-256: ff78f9ba74b945cb07bc7d8d786566ee96be1de67b59b33539419de049b5826b |
| pcsc-lite-debuginfo-1.5.2-11.el6.i686.rpm | MD5: a85fcc4033f7722a01f19b124cdabc1d SHA-256: 3fa8cb93b81fa5186328bf49887ecbf55e53aa9d176231fbdfd6dcb81b64f9a4 |
| pcsc-lite-debuginfo-1.5.2-11.el6.x86_64.rpm | MD5: 6b473ecde9c6bc1bee7c175638555d5c SHA-256: ca6ba1dbf7bcad4baf2bf1340885f60036b29353f47664b53a3c6e112c911a5a |
| pcsc-lite-devel-1.5.2-11.el6.i686.rpm | MD5: fd87217e068e7433352ddaa8d5c3dc38 SHA-256: 0d41a1c46282ef2f406f1264e5051c04866cc0f0c328c3962eb82bbc64c0b9f7 |
| pcsc-lite-devel-1.5.2-11.el6.x86_64.rpm | MD5: a38ba6c0158174b0309bb482496afc96 SHA-256: 6cd284a2a1f7df0d7c4782c02cf7a5710c38ba99b32cc02d4937b9da484592a5 |
| pcsc-lite-doc-1.5.2-11.el6.x86_64.rpm | MD5: ffa0336a42249a7c9c85ce517c076875 SHA-256: 90bf7384cfbaf20a333cccbbb28fdf3ac764aac263ba98f3ddd6d8776782c066 |
| pcsc-lite-libs-1.5.2-11.el6.i686.rpm | MD5: 7eed4bd282bf24b3e63b9802798502bb SHA-256: 0b6047ad4aad8b00b823e142cdbabbf0f06af886648ca1cb945773cd6ac8e781 |
| pcsc-lite-libs-1.5.2-11.el6.x86_64.rpm | MD5: e16fe54f235a837cc858d5e22bb8884e SHA-256: e35b702eba52cbe8e09725620a6f032dbc446be3eaf3db5faf2dd5a5a9575741 |
| (The unlinked packages above are only available from the Red Hat Network) | |
Bugs fixed (see bugzilla for more information)
664999 - CVE-2010-4531 pcsc-lite: Stack-based buffer overflow in Answer-to-Reset (ATR) decoder
834803 - Update of pcsc-lite does not fix problems addressed in BUG 812469
891852 - pcsc-lite: incorrect check in SCardGetAttrib and SCardSetAttrib handling
References
https://access.redhat.com/security/updates/classification/#moderate
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/