-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2011:011 http://www.mandriva.com/security/ _______________________________________________________________________ Package : opensc Date : January 15, 2011 Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0 _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in opensc: Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 and earlier allow physically proximate attackers to execute arbitrary code via a long serial-number field on a smart card, related to (1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c (CVE-2010-4523). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4523 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: cd4ae835bea4c7ceada09592b1501e3c 2009.0/i586/libopensc2-0.11.7-0.2mdv2009.0.i586.rpm cdf28b79c5876cecc44ef2ed59c05931 2009.0/i586/libopensc-devel-0.11.7-0.2mdv2009.0.i586.rpm acd7df41cf928dd4a19e7552705b703d 2009.0/i586/mozilla-plugin-opensc-0.11.7-0.2mdv2009.0.i586.rpm 478e16642c40f8d1840e9585f93d65b9 2009.0/i586/opensc-0.11.7-0.2mdv2009.0.i586.rpm db6ffb1846f25155142ed280091491e5 2009.0/SRPMS/opensc-0.11.7-0.2mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 0e3c89260c75f0c0fef79ede084e5527 2009.0/x86_64/lib64opensc2-0.11.7-0.2mdv2009.0.x86_64.rpm f6482f439f01051c9918050ecdf0e7a1 2009.0/x86_64/lib64opensc-devel-0.11.7-0.2mdv2009.0.x86_64.rpm f8fd40a89862e2845fb9468868e06356 2009.0/x86_64/mozilla-plugin-opensc-0.11.7-0.2mdv2009.0.x86_64.rpm b9f0e6200de48e9fb6f8e3b0ff63bf9e 2009.0/x86_64/opensc-0.11.7-0.2mdv2009.0.x86_64.rpm db6ffb1846f25155142ed280091491e5 2009.0/SRPMS/opensc-0.11.7-0.2mdv2009.0.src.rpm Mandriva Linux 2010.0: 36f1b7a48e270da7e7f29f5ed39857f0 2010.0/i586/libopensc2-0.11.9-1.16mdv2010.0.i586.rpm f924dc31967cf1d53d9ff33b4b9aca57 2010.0/i586/libopensc-devel-0.11.9-1.16mdv2010.0.i586.rpm 88aeaadfcd1815c8f707f91fb177940a 2010.0/i586/mozilla-plugin-opensc-0.11.9-1.16mdv2010.0.i586.rpm 6843d2adc5d35d8a576ecbda4836210a 2010.0/i586/opensc-0.11.9-1.16mdv2010.0.i586.rpm dee3d3aea171adb5276536aa9c589b8b 2010.0/SRPMS/opensc-0.11.9-1.16mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: a21a04684e7492a6ac8e23d99241358d 2010.0/x86_64/lib64opensc2-0.11.9-1.16mdv2010.0.x86_64.rpm aff7742435af0589061b5733716b7efc 2010.0/x86_64/lib64opensc-devel-0.11.9-1.16mdv2010.0.x86_64.rpm 31f266f76efc8e1764024a2342ad6db1 2010.0/x86_64/mozilla-plugin-opensc-0.11.9-1.16mdv2010.0.x86_64.rpm 424b595a302e6f950bd4e88af2a71949 2010.0/x86_64/opensc-0.11.9-1.16mdv2010.0.x86_64.rpm dee3d3aea171adb5276536aa9c589b8b 2010.0/SRPMS/opensc-0.11.9-1.16mdv2010.0.src.rpm Mandriva Linux 2010.1: 21cdc4dbd255057d296eaaa2af6b2b1a 2010.1/i586/libopensc2-0.11.13-1.1mdv2010.2.i586.rpm 19c974e30853dc9c62784d24feaf99f0 2010.1/i586/libopensc-devel-0.11.13-1.1mdv2010.2.i586.rpm 7d63db45080109e360e3920d5530c772 2010.1/i586/mozilla-plugin-opensc-0.11.13-1.1mdv2010.2.i586.rpm cfb0435a224b16b4bb234ffa3ca04ed5 2010.1/i586/opensc-0.11.13-1.1mdv2010.2.i586.rpm a135736103e66fb9006bfdd8ac7dc2c7 2010.1/SRPMS/opensc-0.11.13-1.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: c6ab89c8f2c4f25c607b0a0c5ca8f475 2010.1/x86_64/lib64opensc2-0.11.13-1.1mdv2010.2.x86_64.rpm 10169c1a73040b07d78960b2acad0b09 2010.1/x86_64/lib64opensc-devel-0.11.13-1.1mdv2010.2.x86_64.rpm 6de487ba79a50f11ad24b8179d77a130 2010.1/x86_64/mozilla-plugin-opensc-0.11.13-1.1mdv2010.2.x86_64.rpm 079280aeadbb200384064adc56d39c3b 2010.1/x86_64/opensc-0.11.13-1.1mdv2010.2.x86_64.rpm a135736103e66fb9006bfdd8ac7dc2c7 2010.1/SRPMS/opensc-0.11.13-1.1mdv2010.2.src.rpm Corporate 4.0: 0d604665f181f4e1a517445feb2ff274 corporate/4.0/i586/libopensc2-0.10.1-2.3.20060mlcs4.i586.rpm c6c1b330c587df19569ee060a9d0bf78 corporate/4.0/i586/libopensc2-devel-0.10.1-2.3.20060mlcs4.i586.rpm 313b08e5740ecad7bbf95fee5d887832 corporate/4.0/i586/mozilla-plugin-opensc-0.10.1-2.3.20060mlcs4.i586.rpm 59e65988a4c63e5b5cc8de751d29efc8 corporate/4.0/i586/opensc-0.10.1-2.3.20060mlcs4.i586.rpm b56f781b3414bccf788f103b6bffa74e corporate/4.0/SRPMS/opensc-0.10.1-2.3.20060mlcs4.src.rpm Corporate 4.0/X86_64: 3037d4cb7139d0f6b8bb0ae2196a19c4 corporate/4.0/x86_64/lib64opensc2-0.10.1-2.3.20060mlcs4.x86_64.rpm 3349b74c946d7522a31c47aceaf992d2 corporate/4.0/x86_64/lib64opensc2-devel-0.10.1-2.3.20060mlcs4.x86_64.rpm 4bedf6cbffc9d2e3c203ea17080179d0 corporate/4.0/x86_64/mozilla-plugin-opensc-0.10.1-2.3.20060mlcs4.x86_64.rpm c0e30a5ef8fccc2e9b1103005f85df5d corporate/4.0/x86_64/opensc-0.10.1-2.3.20060mlcs4.x86_64.rpm b56f781b3414bccf788f103b6bffa74e corporate/4.0/SRPMS/opensc-0.10.1-2.3.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFNMhUNmqjQ0CJFipgRAg4wAKDV4MTrqF6I4RmxVkmMK4v+2XsK0gCgvAYM Xlg88LIj22On0l1meyG6ObY= =n1la -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/