Posted: Sat Jan 25, 2014 4:13 am
Post subject: [ GLSA 201401-17 ] PCSC-Lite: Arbitrary code execution
Gentoo Linux Security Advisory
Title: PCSC-Lite: Arbitrary code execution (GLSA 201401-17)
Date: January 21, 2014
A vulnerability in PCSC-Lite could result in execution of arbitrary
code or Denial of Service.
PCSC-Lite is a PC/SC Architecture smartcard middleware library.
Vulnerable: < 1.6.6
Unaffected: >= 1.6.6
Architectures: All supported architectures
PCSC-Lite contains a stack-based buffer overflow in the ATRDecodeAtr
function in the Answer-to-Reset Handler (atrhandler.c).
A physically proximate attacker could execute arbitrary code or cause a
Denial of Service condition.
There is no known workaround at this time.
All PCSC-Lite users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/pcsc-lite-1.6.6"
NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since January 10, 2011. It is likely that your system is
already no longer affected by this issue.
Last edited by GLSA on Sat Feb 28, 2015 4:32 am; edited 2 times in total
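An Answer-to-Reset is card-supplied input that carries its own length fields (the Y nibbles and the historical-byte count K in T0, per ISO/IEC 7816-3), so a decoder has to check every one of them against the number of bytes actually received. The following bounds-checked decoder is an added illustration, not PCSC-Lite's code and not part of the advisory; the names atr_decode and struct atr_info are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ATR_MAX_LEN  33  /* ISO/IEC 7816-3: TS plus at most 32 bytes */
#define ATR_MAX_HIST 15  /* K is a 4-bit count in T0 */

struct atr_info {
    uint8_t  hist[ATR_MAX_HIST]; /* historical bytes */
    size_t   hist_len;
    unsigned protocols;          /* bit n set => protocol T=n offered */
    int      has_tck;
};

/* Returns 0 on success, -1 if the ATR is malformed, truncated or oversized. */
int atr_decode(const uint8_t *atr, size_t len, struct atr_info *out)
{
    size_t p = 2, i, n;
    uint8_t y, k, td, x = 0;

    if (!atr || !out || len < 2 || len > ATR_MAX_LEN) return -1;
    if (atr[0] != 0x3B && atr[0] != 0x3F) return -1;  /* TS */
    memset(out, 0, sizeof *out);
    y = atr[1] >> 4;    /* Y1: which of TA1..TD1 follow */
    k = atr[1] & 0x0F;  /* K: claimed number of historical bytes */

    while (y) {
        n = (y & 1) + ((y >> 1) & 1) + ((y >> 2) & 1);  /* TA, TB, TC */
        if (n > len - p) return -1;   /* interface bytes past the end */
        p += n;
        if (!(y & 0x8)) break;        /* no TD: chain ends */
        if (p >= len) return -1;      /* TD announced but missing */
        td = atr[p++];
        out->protocols |= 1u << (td & 0x0F);
        if (td & 0x0F) out->has_tck = 1;  /* any T other than 0 => TCK */
        y = td >> 4;
    }
    if (!out->protocols) out->protocols = 1u;  /* T=0 by default */

    if (k > len - p) return -1;       /* card claims more bytes than it sent */
    memcpy(out->hist, atr + p, k);    /* k <= 15 == sizeof out->hist */
    out->hist_len = k;
    p += k;

    if (out->has_tck) {
        if (p >= len) return -1;
        p++;
        for (i = 1; i < p; i++) x ^= atr[i];  /* T0..TCK must XOR to 0 */
        if (x) return -1;
    }
    return p == len ? 0 : -1;         /* reject trailing bytes */
}
```

On failure the contents of the output structure are unspecified; callers should use it only when the function returns 0.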