ccid-1.3.9-6.AXS4

エラータID: AXSA:2013-120:01

Release date: 
Wednesday, March 6, 2013 - 12:31
Subject: 
ccid-1.3.9-6.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

Generic USB CCID (Chip/Smart Card Interface Devices) driver.

Security issues fixed with this release:

• CVE-2010-4530
Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card Interface Devices (CCID) driver, as used in pcscd in PCSC-Lite 1.5.3 and possibly other products, allows physically proximate attackers to execute arbitrary code via a smart card with a crafted serial number that causes a negative value to be used in a memcpy operation, which triggers a buffer

Solution: 

Update packages.

CVEs: 
CVE-2010-4530
Signedness error in ccid_serial.c in libccid in the USB Chip/Smart Card Interface Devices (CCID) driver, as used in pcscd in PCSC-Lite 1.5.3 and possibly other products, allows physically proximate attackers to execute arbitrary code via a smart card with a crafted serial number that causes a negative value to be used in a memcpy operation, which triggers a buffer overflow. NOTE: some sources refer to this issue as an integer overflow.


Additional Info: 

N/A

Download: 

SRPMS
  1. ccid-1.3.9-6.AXS4.src.rpm
    MD5: 24540172c369b3360db3533d83b02d3c
    SHA-256: 2f05f0f95616c7584e26799ec89627f3d090350aaa32635c8d9de5fb81d3c84c
    Size: 391.96 kB

Asianux Server 4 for x86
  1. ccid-1.3.9-6.AXS4.i686.rpm
    MD5: cfa65c055a3e22038d842de95aeea582
    SHA-256: 289c06f509c49a33f8e5a78ea835213f57758aa8e95d995a85a30f9f1ca9acd5
    Size: 118.73 kB

Asianux Server 4 for x86_64
  1. ccid-1.3.9-6.AXS4.x86_64.rpm
    MD5: efcd3e1c279c0063891235492a9dfe8a
    SHA-256: 56db76f293bcf7ff8013fe1e40e73ab7ff9b767d49d59368a13b163ab47acb33
    Size: 119.76 kB