[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

ELSA-2013-0525 -- Oracle pcsc-lite

ID: oval:org.secpod.oval:def:1500036Date: (C)2013-03-20   (M)2023-02-20
Class: PATCHFamily: unix




Updated pcsc-lite packages that fix one security issue and three bugs arenow available for Red Hat Enterprise Linux 6.The Red Hat Security Response Team has rated this update as having moderatesecurity impact. A Common Vulnerability Scoring System base score,which gives a detailed severity rating, is available from the CVE link inthe References section. PC/SC Lite provides a Windows SCard compatible interface for communicatingwith smart cards, smart card readers, and other security tokens.A stack-based buffer overflow flaw was found in the way pcsc-lite decodedcertain attribute values of Answer-to-Reset messages. A localattacker could use this flaw to execute arbitrary code with the privilegesof the user running the pcscd daemon , by inserting aspecially-crafted smart card. This update also fixes the following bugs:* Due to an error in the init script, the chkconfig utility did notautomatically place the pcscd init script after the start of the HALdaemon. Consequently, the pcscd service did not start automatically at boottime. With this update, the pcscd init script has been changed toexplicitly start only after HAL is up, thus fixing this bug. * Because the chkconfig settings and the startup files in the /etc/rc.d/directory were not changed during the update described in theRHBA-2012:0990 advisory, the user had to update the chkconfig settingsmanually to fix the problem. Now, the chkconfig settings and the startupfiles in the /etc/rc.d/ directory are automatically updated as expected.* Previously, the SCardGetAttrib function did not work properly andalways returned the "SCARD_E_INSUFFICIENT_BUFFER" error regardless of theactual buffer size. This update applies a patch to fix this bug and theSCardGetAttrib function now works as expected. All users of pcsc-lite are advised to upgrade to these updated packages,which fix these issues. After installing this update, the pcscd daemon willbe restarted automatically.

Platform:
Oracle Linux 6
Product:
pcsc-lite
Reference:
ELSA-2013-0525
CVE-2010-4531
CVE    1
CVE-2010-4531
CPE    2
cpe:/a:muscle:pcsc-lite
cpe:/o:oracle:linux:6

© SecPod Technologies