Säkerhetsbulletin från Debian

DSA-1734-1 opensc -- programmeringsfel

Rapporterat den:
2009-03-05
Berörda paket:
opensc
Sårbara:
Ja
Referenser i säkerhetsdatabaser:
I Mitres CVE-förteckning: CVE-2009-0368.
Ytterligare information:

b.badrignans upptäckte att OpenSC, en uppsättning verktyg för smarta kort, kunde lagra privat data på ett smart kort utan korrekta åtkomstrestriktioner.

Bara blanka kort initialiserade med OpenSC påverkas av detta problem. Denna uppdatering förbättrar bara skapandet av nya privata dataobjekt, men kort som redan initialiserars med sådana privata dataobjekt behöver modifieras för att reparera åtkomstkontrolldatat på sådana kort. Instruktioner för ett antal olika situationer finns på OpenSC:s webbplats: http://www.opensc-project.org/security.html

Den gamla stabila utgåvan (Etch) is not affected by this problem.

För den stabila utgåvan (Lenny) har detta problem rättats i version 0.11.4-5+lenny1.

För den instabila utgåvan (Sid) kommer detta problem att rättas inom kort.

Vi rekommenderar att ni uppgraderar ert opensc-paket och återskapar de privata dataobjekt som lagras på era smarta kort.

Rättat i:

Debian GNU/Linux 5.0 (lenny)

Källkod:
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.4-5+lenny1.dsc
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.4-5+lenny1.diff.gz
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.4.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.4-5+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.4-5+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.4-5+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.4-5+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.4-5+lenny1_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.4-5+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.4-5+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.4-5+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.4-5+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.4-5+lenny1_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.4-5+lenny1_arm.deb
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.4-5+lenny1_arm.deb
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.4-5+lenny1_arm.deb
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.4-5+lenny1_arm.deb
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.4-5+lenny1_arm.deb
:
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.4-5+lenny1_armel.deb
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.4-5+lenny1_armel.deb
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.4-5+lenny1_armel.deb
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.4-5+lenny1_armel.deb
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.4-5+lenny1_armel.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.4-5+lenny1_i386.deb
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.4-5+lenny1_i386.deb
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.4-5+lenny1_i386.deb
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.4-5+lenny1_i386.deb
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.4-5+lenny1_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.4-5+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.4-5+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.4-5+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.4-5+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.4-5+lenny1_ia64.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.4-5+lenny1_mips.deb
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.4-5+lenny1_mips.deb
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.4-5+lenny1_mips.deb
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.4-5+lenny1_mips.deb
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.4-5+lenny1_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.4-5+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.4-5+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.4-5+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.4-5+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.4-5+lenny1_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.4-5+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.4-5+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.4-5+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.4-5+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.4-5+lenny1_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/o/opensc/libopensc2_0.11.4-5+lenny1_s390.deb
http://security.debian.org/pool/updates/main/o/opensc/mozilla-opensc_0.11.4-5+lenny1_s390.deb
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dbg_0.11.4-5+lenny1_s390.deb
http://security.debian.org/pool/updates/main/o/opensc/libopensc2-dev_0.11.4-5+lenny1_s390.deb
http://security.debian.org/pool/updates/main/o/opensc/opensc_0.11.4-5+lenny1_s390.deb

MD5-kontrollsummor för dessa filer finns i originalbulletinen.