Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:25511
HistoryJan 19, 2011 - 12:00 a.m.

[ MDVSA-2011:011 ] opensc

2011-01-1900:00:00
vulners.com
9
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2011:011
http://www.mandriva.com/security/

Package : opensc
Date : January 15, 2011
Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0

Problem Description:

A vulnerability has been found and corrected in opensc:

Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13
and earlier allow physically proximate attackers to execute arbitrary
code via a long serial-number field on a smart card, related to
(1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c
(CVE-2010-4523).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4523

Updated Packages:

Mandriva Linux 2009.0:
cd4ae835bea4c7ceada09592b1501e3c
2009.0/i586/libopensc2-0.11.7-0.2mdv2009.0.i586.rpm
cdf28b79c5876cecc44ef2ed59c05931
2009.0/i586/libopensc-devel-0.11.7-0.2mdv2009.0.i586.rpm
acd7df41cf928dd4a19e7552705b703d
2009.0/i586/mozilla-plugin-opensc-0.11.7-0.2mdv2009.0.i586.rpm
478e16642c40f8d1840e9585f93d65b9 2009.0/i586/opensc-0.11.7-0.2mdv2009.0.i586.rpm
db6ffb1846f25155142ed280091491e5 2009.0/SRPMS/opensc-0.11.7-0.2mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
0e3c89260c75f0c0fef79ede084e5527
2009.0/x86_64/lib64opensc2-0.11.7-0.2mdv2009.0.x86_64.rpm
f6482f439f01051c9918050ecdf0e7a1
2009.0/x86_64/lib64opensc-devel-0.11.7-0.2mdv2009.0.x86_64.rpm
f8fd40a89862e2845fb9468868e06356
2009.0/x86_64/mozilla-plugin-opensc-0.11.7-0.2mdv2009.0.x86_64.rpm
b9f0e6200de48e9fb6f8e3b0ff63bf9e
2009.0/x86_64/opensc-0.11.7-0.2mdv2009.0.x86_64.rpm
db6ffb1846f25155142ed280091491e5 2009.0/SRPMS/opensc-0.11.7-0.2mdv2009.0.src.rpm

Mandriva Linux 2010.0:
36f1b7a48e270da7e7f29f5ed39857f0
2010.0/i586/libopensc2-0.11.9-1.16mdv2010.0.i586.rpm
f924dc31967cf1d53d9ff33b4b9aca57
2010.0/i586/libopensc-devel-0.11.9-1.16mdv2010.0.i586.rpm
88aeaadfcd1815c8f707f91fb177940a
2010.0/i586/mozilla-plugin-opensc-0.11.9-1.16mdv2010.0.i586.rpm
6843d2adc5d35d8a576ecbda4836210a
2010.0/i586/opensc-0.11.9-1.16mdv2010.0.i586.rpm
dee3d3aea171adb5276536aa9c589b8b 2010.0/SRPMS/opensc-0.11.9-1.16mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
a21a04684e7492a6ac8e23d99241358d
2010.0/x86_64/lib64opensc2-0.11.9-1.16mdv2010.0.x86_64.rpm
aff7742435af0589061b5733716b7efc
2010.0/x86_64/lib64opensc-devel-0.11.9-1.16mdv2010.0.x86_64.rpm
31f266f76efc8e1764024a2342ad6db1
2010.0/x86_64/mozilla-plugin-opensc-0.11.9-1.16mdv2010.0.x86_64.rpm
424b595a302e6f950bd4e88af2a71949
2010.0/x86_64/opensc-0.11.9-1.16mdv2010.0.x86_64.rpm
dee3d3aea171adb5276536aa9c589b8b 2010.0/SRPMS/opensc-0.11.9-1.16mdv2010.0.src.rpm

Mandriva Linux 2010.1:
21cdc4dbd255057d296eaaa2af6b2b1a
2010.1/i586/libopensc2-0.11.13-1.1mdv2010.2.i586.rpm
19c974e30853dc9c62784d24feaf99f0
2010.1/i586/libopensc-devel-0.11.13-1.1mdv2010.2.i586.rpm
7d63db45080109e360e3920d5530c772
2010.1/i586/mozilla-plugin-opensc-0.11.13-1.1mdv2010.2.i586.rpm
cfb0435a224b16b4bb234ffa3ca04ed5
2010.1/i586/opensc-0.11.13-1.1mdv2010.2.i586.rpm
a135736103e66fb9006bfdd8ac7dc2c7 2010.1/SRPMS/opensc-0.11.13-1.1mdv2010.2.src.rpm

Mandriva Linux 2010.1/X86_64:
c6ab89c8f2c4f25c607b0a0c5ca8f475
2010.1/x86_64/lib64opensc2-0.11.13-1.1mdv2010.2.x86_64.rpm
10169c1a73040b07d78960b2acad0b09
2010.1/x86_64/lib64opensc-devel-0.11.13-1.1mdv2010.2.x86_64.rpm
6de487ba79a50f11ad24b8179d77a130
2010.1/x86_64/mozilla-plugin-opensc-0.11.13-1.1mdv2010.2.x86_64.rpm
079280aeadbb200384064adc56d39c3b
2010.1/x86_64/opensc-0.11.13-1.1mdv2010.2.x86_64.rpm
a135736103e66fb9006bfdd8ac7dc2c7 2010.1/SRPMS/opensc-0.11.13-1.1mdv2010.2.src.rpm

Corporate 4.0:
0d604665f181f4e1a517445feb2ff274
corporate/4.0/i586/libopensc2-0.10.1-2.3.20060mlcs4.i586.rpm
c6c1b330c587df19569ee060a9d0bf78
corporate/4.0/i586/libopensc2-devel-0.10.1-2.3.20060mlcs4.i586.rpm
313b08e5740ecad7bbf95fee5d887832
corporate/4.0/i586/mozilla-plugin-opensc-0.10.1-2.3.20060mlcs4.i586.rpm
59e65988a4c63e5b5cc8de751d29efc8
corporate/4.0/i586/opensc-0.10.1-2.3.20060mlcs4.i586.rpm
b56f781b3414bccf788f103b6bffa74e
corporate/4.0/SRPMS/opensc-0.10.1-2.3.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
3037d4cb7139d0f6b8bb0ae2196a19c4
corporate/4.0/x86_64/lib64opensc2-0.10.1-2.3.20060mlcs4.x86_64.rpm
3349b74c946d7522a31c47aceaf992d2
corporate/4.0/x86_64/lib64opensc2-devel-0.10.1-2.3.20060mlcs4.x86_64.rpm
4bedf6cbffc9d2e3c203ea17080179d0
corporate/4.0/x86_64/mozilla-plugin-opensc-0.10.1-2.3.20060mlcs4.x86_64.rpm
c0e30a5ef8fccc2e9b1103005f85df5d
corporate/4.0/x86_64/opensc-0.10.1-2.3.20060mlcs4.x86_64.rpm
b56f781b3414bccf788f103b6bffa74e
corporate/4.0/SRPMS/opensc-0.10.1-2.3.20060mlcs4.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNMhUNmqjQ0CJFipgRAg4wAKDV4MTrqF6I4RmxVkmMK4v+2XsK0gCgvAYM
Xlg88LIj22On0l1meyG6ObY=
=n1la
-----END PGP SIGNATURE-----

Related

nessus 8
openvas 8
fedora 2
prion 1
gentoo 1
debiancve 1
cve 1
ubuntucve 1
securityvulns 1
nessus
nessus
openSUSE Security Update : libopensc2 (openSUSE-SU-2011:0049-1)
2014-06-13 00:00:00
GLSA-201401-18 : OpenSC: Arbitrary code execution
2014-01-22 00:00:00
SuSE 11.1 Security Update : opensc (SAT Patch Number 3729)
2011-01-21 00:00:00
openvas
openvas
Fedora Update for opensc FEDORA-2010-19192
2011-01-11 00:00:00
Mandriva Update for opensc MDVSA-2011:011 (opensc)
2011-01-21 00:00:00
OpenSC < 0.12.0 Smart Card Serial Number Multiple Buffer Overflow Vulnerabilities (Windows)
2011-02-01 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: opensc-0.11.13-6.fc14
2011-01-03 20:03:12
[SECURITY] Fedora 13 Update: opensc-0.11.13-6.fc13
2011-01-03 19:59:00
prion
prion
Stack overflow
2011-01-07 20:00:00
gentoo
gentoo
OpenSC: Arbitrary code execution
2014-01-21 00:00:00
debiancve
debiancve
CVE-2010-4523
2011-01-07 20:00:00
cve
cve
CVE-2010-4523
2011-01-07 20:00:00
ubuntucve
ubuntucve
CVE-2010-4523
2011-01-07 00:00:00
securityvulns
securityvulns
OpenSC / PCSC-Lite library buffer overflow
2011-01-24 00:00:00
JSON
Related for SECURITYVULNS:DOC:25511
nessus8openvas8fedora2prion1gentoo1debiancve1cve1ubuntucve1securityvulns1