Debians sikkerhedsbulletin

DSA-2059-1 pcsc-lite -- bufferoverløb

Rapporteret den:
10. jun 2010
Berørte pakker:
pcsc-lite
Sårbar:
Ja
Referencer i sikkerhedsdatabaser:
I Mitres CVE-ordbog: CVE-2010-0407.
Yderligere oplysninger:

Man opdagede at PCSCD, en dæmon beregnet til at tilgå smartcards, var sårbar over for et bufferoverløb, hvilket gjorde det muligt for en lokal angriber at forøge sine rettigheder til root.

I den stabile distribution (lenny), er dette problem rettet i version 1.4.102-1+lenny1.

I den ustabile distribution (sid), er dette problem rettet i version 1.5.4-1.

Vi anbefaler at du opgraderer din pcsc-lite-pakke.

Rettet i:

Debian GNU/Linux 5.0 (lenny)

Kildekode:
http://security.debian.org/pool/updates/main/p/pcsc-lite/pcsc-lite_1.4.102-1+lenny1.diff.gz
http://security.debian.org/pool/updates/main/p/pcsc-lite/pcsc-lite_1.4.102.orig.tar.gz
http://security.debian.org/pool/updates/main/p/pcsc-lite/pcsc-lite_1.4.102-1+lenny1.dsc
Alpha:
http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny1_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny1_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny1_arm.deb
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny1_arm.deb
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny1_arm.deb
ARM EABI:
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny1_armel.deb
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny1_armel.deb
http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny1_armel.deb
HP Precision:
http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny1_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny1_i386.deb
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny1_i386.deb
http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny1_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny1_ia64.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny1_mips.deb
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny1_mips.deb
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny1_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny1_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny1_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny1_s390.deb
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny1_s390.deb
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny1_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite-dev_1.4.102-1+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/p/pcsc-lite/libpcsclite1_1.4.102-1+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/p/pcsc-lite/pcscd_1.4.102-1+lenny1_sparc.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.