To: [email protected]Subject: [ MDVSA-2009:089 ] opensc
Date: Fri, 10 Apr 2009 04:13:00 +0200
From: [email protected]
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1Ls6Em-0000Qn-LM@titan.mandriva.com.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:089
http://www.mandriva.com/security/
_______________________________________________________________________
Package : opensc
Date : April 9, 2009
Affected: 2008.0, 2008.1, 2009.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
OpenSC before 0.11.7 allows physically proximate attackers to bypass
intended PIN requirements and read private data objects via a (1) low
level APDU command or (2) debugging tool, as demonstrated by reading
the 4601 or 4701 file with the opensc-explorer or opensc-tool program.
The updated packages fix the issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0368
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
5f239515eac39547b0c9f41c6fa73411 2008.0/i586/libopensc2-0.11.3-2.2mdv2008.0.i586.rpm
25444defa5ae336f6053135299686612 2008.0/i586/libopensc-devel-0.11.3-2.2mdv2008.0.i586.rpm
98a08ef44e9284dc53982e232dbcbd6f 2008.0/i586/mozilla-plugin-opensc-0.11.3-2.2mdv2008.0.i586.rpm
017d9c1dbc1c064a7aaadd5a63d7a496 2008.0/i586/opensc-0.11.3-2.2mdv2008.0.i586.rpm
c85bf396c067679cb6c312a1a34498db 2008.0/SRPMS/opensc-0.11.3-2.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
ff3a14e7ceb98e30edfd56443c0829d0 2008.0/x86_64/lib64opensc2-0.11.3-2.2mdv2008.0.x86_64.rpm
9ffad75feeeb3e9edf4ea7c0a3123ec9 2008.0/x86_64/lib64opensc-devel-0.11.3-2.2mdv2008.0.x86_64.rpm
9134f93d7faeaa3d672e42d107068fbc 2008.0/x86_64/mozilla-plugin-opensc-0.11.3-2.2mdv2008.0.x86_64.rpm
23660b061c276ec1ed2a77c60a191229 2008.0/x86_64/opensc-0.11.3-2.2mdv2008.0.x86_64.rpm
c85bf396c067679cb6c312a1a34498db 2008.0/SRPMS/opensc-0.11.3-2.2mdv2008.0.src.rpm
Mandriva Linux 2008.1:
8cb99452e878b5f371f592f22e28f12d 2008.1/i586/libopensc2-0.11.3-2.2mdv2008.1.i586.rpm
f3112256e1fa360eb29e890b530d73dd 2008.1/i586/libopensc-devel-0.11.3-2.2mdv2008.1.i586.rpm
70747b6fefb3792e7ef43c99b3e6fd76 2008.1/i586/mozilla-plugin-opensc-0.11.3-2.2mdv2008.1.i586.rpm
f816da7b83e65909776040c9ae93a456 2008.1/i586/opensc-0.11.3-2.2mdv2008.1.i586.rpm
028a72bb7eeb49cbd8b5af3f80bdcecc 2008.1/SRPMS/opensc-0.11.3-2.2mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
839774a8b6765ef0a1db6a80187e44cc 2008.1/x86_64/lib64opensc2-0.11.3-2.2mdv2008.1.x86_64.rpm
1292b5f9b985155c45d017c9d491d979 2008.1/x86_64/lib64opensc-devel-0.11.3-2.2mdv2008.1.x86_64.rpm
18b47407a2ef4e0bda7c79eef0055ba3 2008.1/x86_64/mozilla-plugin-opensc-0.11.3-2.2mdv2008.1.x86_64.rpm
92489f4d1be33ac711de922e84f5847d 2008.1/x86_64/opensc-0.11.3-2.2mdv2008.1.x86_64.rpm
028a72bb7eeb49cbd8b5af3f80bdcecc 2008.1/SRPMS/opensc-0.11.3-2.2mdv2008.1.src.rpm
Mandriva Linux 2009.0:
3c873d88bfc728f3c6e566bb27caa60a 2009.0/i586/libopensc2-0.11.7-0.1mdv2009.0.i586.rpm
12259488d9315c8e9a85e38259b3e4ae 2009.0/i586/libopensc-devel-0.11.7-0.1mdv2009.0.i586.rpm
543095148af4a557a7e4c8f0674cb651 2009.0/i586/mozilla-plugin-opensc-0.11.7-0.1mdv2009.0.i586.rpm
b97aa305b656629979bf64aea14bb595 2009.0/i586/opensc-0.11.7-0.1mdv2009.0.i586.rpm
391234fd292dbbe9c9cf0bae990ca961 2009.0/SRPMS/opensc-0.11.7-0.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
44a05f6ad6ff9913422b1fdb79c61745 2009.0/x86_64/lib64opensc2-0.11.7-0.1mdv2009.0.x86_64.rpm
33960dc36d0db21e71ce6693fb52915e 2009.0/x86_64/lib64opensc-devel-0.11.7-0.1mdv2009.0.x86_64.rpm
37aa2c61aa7ff43e9a0d48d69e082169 2009.0/x86_64/mozilla-plugin-opensc-0.11.7-0.1mdv2009.0.x86_64.rpm
6b906a1e884c002eb91cb744b1c70290 2009.0/x86_64/opensc-0.11.7-0.1mdv2009.0.x86_64.rpm
391234fd292dbbe9c9cf0bae990ca961 2009.0/SRPMS/opensc-0.11.7-0.1mdv2009.0.src.rpm
Corporate 4.0:
710b784731ba6ce9e2f7474d5190a864 corporate/4.0/i586/libopensc2-0.10.1-2.2.20060mlcs4.i586.rpm
68cbe67c1a03defb2f0e80aa738b808e corporate/4.0/i586/libopensc2-devel-0.10.1-2.2.20060mlcs4.i586.rpm
5735d95135f72f10f0e26453afd25080 corporate/4.0/i586/mozilla-plugin-opensc-0.10.1-2.2.20060mlcs4.i586.rpm
91502589d130ad3b5cb347804286a5da corporate/4.0/i586/opensc-0.10.1-2.2.20060mlcs4.i586.rpm
a6db7e426ac61da00de18480b00f360c corporate/4.0/SRPMS/opensc-0.10.1-2.2.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
4d17dddf9cf837593ded74d5707e6227 corporate/4.0/x86_64/lib64opensc2-0.10.1-2.2.20060mlcs4.x86_64.rpm
88cd0ade0e38454db2aad29a19ba9418 corporate/4.0/x86_64/lib64opensc2-devel-0.10.1-2.2.20060mlcs4.x86_64.rpm
33732581d211c93a5793e860222b7042 corporate/4.0/x86_64/mozilla-plugin-opensc-0.10.1-2.2.20060mlcs4.x86_64.rpm
41c99e7b2d5d6da50872aedb1d5b3501 corporate/4.0/x86_64/opensc-0.10.1-2.2.20060mlcs4.x86_64.rpm
a6db7e426ac61da00de18480b00f360c corporate/4.0/SRPMS/opensc-0.10.1-2.2.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJ3n4AmqjQ0CJFipgRAv5sAJ904FF0NsEQBEum8/vpzfTKtfxTEgCgvSwi
KP+gV5439hIBiqh2qQi8gVg=
=TJ3g
-----END PGP SIGNATURE-----