Subject: | |
From: | |
Reply To: | |
Date: | Mon, 4 Mar 2013 13:10:11 -0600 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Synopsis: Low: ccid security and bug fix update
Issue Date: 2013-02-21
CVE Numbers: CVE-2010-4530
--
An integer overflow, leading to an array index error, was found in the
way the
CCID driver processed a smart card's serial number. A local attacker
could use
this flaw to execute arbitrary code with the privileges of the user
running the
PC/SC Lite pcscd daemon (root, by default), by inserting a specially-crafted
smart card. (CVE-2010-4530)
This update also fixes the following bug:
* Previously, CCID only recognized smart cards with 5V power supply.
With this
update, CCID also supports smart cards with different power supply.
--
SL6
x86_64
ccid-1.3.9-6.el6.x86_64.rpm
ccid-debuginfo-1.3.9-6.el6.x86_64.rpm
i386
ccid-1.3.9-6.el6.i686.rpm
ccid-debuginfo-1.3.9-6.el6.i686.rpm
- Scientific Linux Development Team
|
|
|