
Security Advisory Low: ccid security and bug fix update

Advisory: RHSA-2013:0523-2
Type: Security Advisory
Severity: Low
Issued on: 2013-02-21
Last updated on: 2013-02-21
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2010-4530

Details

An updated ccid package that fixes one security issue and one bug is now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Chip/Smart Card Interface Devices (CCID) is a USB smart card reader
standard followed by most modern smart card readers. The ccid package
provides a generic, USB-based CCID driver for readers that follow this
standard.

An integer overflow, leading to an array index error, was found in the way
the CCID driver processed a smart card's serial number. A local attacker
could use this flaw to execute arbitrary code with the privileges of the
user running the PC/SC Lite pcscd daemon (root, by default), by inserting a
specially-crafted smart card. (CVE-2010-4530)
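
The bug class named above, as an added illustration that is not taken from the ccid driver or from Red Hat: a device-supplied length whose signed total passes an upper-bound-only check, next to a hardened parser. The 10-byte header layout, the function names and the sample message are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN 10  /* assumed header: 1 type byte, 4 length bytes, 5 others */

/* Little-endian 32-bit length field, taken from device-controlled bytes. */
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Flawed pattern: the total is kept in a signed int and only its upper
 * bound is tested. A declared length near 2^32 turns the total negative
 * (on common compilers), the test passes, and the value would then be
 * used as a size or index. Returns 1 when the flawed check accepts. */
int flawed_check_accepts(const uint8_t *msg, int cap)
{
    int total = (int)(HDR_LEN + le32(msg + 1)); /* negative for huge lengths */
    return total <= cap;
}

/* Hardened pattern: unsigned values, comparison by subtraction so nothing
 * can wrap, and the declared bytes must be present in the input.
 * Returns the number of payload bytes copied to out, or -1 on rejection. */
long copy_payload(const uint8_t *msg, size_t msg_len, uint8_t *out, size_t cap)
{
    uint32_t n;

    if (msg_len < HDR_LEN) return -1;     /* header incomplete */
    n = le32(msg + 1);
    if (n > msg_len - HDR_LEN) return -1; /* declares more than was received */
    if (n > cap) return -1;               /* would not fit in the destination */
    memcpy(out, msg + HDR_LEN, n);
    return (long)n;
}

int main(void)
{
    /* Constructed message: declared length 0xFFFFFFF0, no payload bytes. */
    const uint8_t msg[HDR_LEN] = {0x80, 0xF0, 0xFF, 0xFF, 0xFF};
    uint8_t out[8];
    printf("flawed accepts: %d, hardened returns: %ld\n",
           flawed_check_accepts(msg, 8), copy_payload(msg, sizeof msg, out, sizeof out));
    return 0;
}
```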

This update also fixes the following bug:

* Previously, CCID only recognized smart cards with a 5V power supply. With
this update, CCID also supports smart cards with a different power supply.
(BZ#808115)

All users of ccid are advised to upgrade to this updated package, which
contains backported patches to correct these issues.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
ccid-1.3.9-6.el6.src.rpm

IA-32:
ccid-1.3.9-6.el6.i686.rpm
ccid-debuginfo-1.3.9-6.el6.i686.rpm

x86_64:
ccid-1.3.9-6.el6.x86_64.rpm
ccid-debuginfo-1.3.9-6.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
ccid-1.3.9-6.el6.src.rpm

x86_64:
ccid-1.3.9-6.el6.x86_64.rpm
ccid-debuginfo-1.3.9-6.el6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6)

SRPMS:
ccid-1.3.9-6.el6.src.rpm

IA-32:
ccid-1.3.9-6.el6.i686.rpm
ccid-debuginfo-1.3.9-6.el6.i686.rpm

PPC:
ccid-1.3.9-6.el6.ppc64.rpm
ccid-debuginfo-1.3.9-6.el6.ppc64.rpm

x86_64:
ccid-1.3.9-6.el6.x86_64.rpm
ccid-debuginfo-1.3.9-6.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
ccid-1.3.9-6.el6.src.rpm

IA-32:
ccid-1.3.9-6.el6.i686.rpm
ccid-debuginfo-1.3.9-6.el6.i686.rpm

x86_64:
ccid-1.3.9-6.el6.x86_64.rpm
ccid-debuginfo-1.3.9-6.el6.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

664986 - CVE-2010-4530 CCID: Integer overflow, leading to array index error when processing crafted serial number of certain cards


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/