Security Information / 2011 / Security Information -- DSA-2156-1 pcscd

Debian Security Advisory

DSA-2156-1 pcscd -- buffer overflow

Date Reported:

31 Jan 2011

Affected Packages:

pcscd

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2010-4531.

More information:

MWR InfoSecurity identified a buffer overflow in pcscd, middleware to access a smart card via PC/SC, which could lead to the execution of arbitrary code.

For the stable distribution (lenny), this problem has been fixed in version 1.4.102-1+lenny4.

For the testing distribution (squeeze), this problem has been fixed in version 1.5.5-4.

For the unstable distribution (sid), this problem has been fixed in version 1.5.5-4.

We recommend that you upgrade your pcscd packages.