-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2011-0162 2011-01-05 20:43:12 --------------------------------------------------------------------------------
Name : ccid Product : Fedora 14 Version : 1.4.0 Release : 2.fc14 URL : http://pcsclite.alioth.debian.org/ccid.html Summary : Generic USB CCID smart card reader driver Description : Generic USB CCID (Chip/Smart Card Interface Devices) driver. -------------------------------------------------------------------------------- Update Information: This update fixes the following security issue: An integer overflow, leading to array index error was found in the way USB CCID (Chip/Smart Card Interface Devices) driver processed certain values of card serial number. A local attacker could use this flaw to execute arbitrary code, with the privileges of the user running the pcscd daemon, via a malicious smart card with specially-crafted value of its serial number, inserted to the system USB port. -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 5 2011 Kalev Lember <[email protected]> - 1.4.0-2 - Fixed an integer overflow in card serial number processing code (CVE-2010-4530) -------------------------------------------------------------------------------- References: [ 1 ] Bug #664986 - CVE-2010-4530 CCID: Integer overflow, leading to array index error when processing crafted serial number of certain cards https://bugzilla.redhat.com/show_bug.cgi?id=664986 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update ccid' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/package-announce
