|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:089 http://www.mandriva.com/security/ _______________________________________________________________________ Package : opensc Date : April 9, 2009 Affected: 2008.0, 2008.1, 2009.0, Corporate 4.0 _______________________________________________________________________ Problem Description: OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program. The updated packages fix the issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0368 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 5f239515eac39547b0c9f41c6fa73411 2008.0/i586/libopensc2-0.11.3-2.2mdv2008.0.i586.rpm 25444defa5ae336f6053135299686612 2008.0/i586/libopensc-devel-0.11.3-2.2mdv2008.0.i586.rpm 98a08ef44e9284dc53982e232dbcbd6f 2008.0/i586/mozilla-plugin-opensc-0.11.3-2.2mdv2008.0.i586.rpm 017d9c1dbc1c064a7aaadd5a63d7a496 2008.0/i586/opensc-0.11.3-2.2mdv2008.0.i586.rpm c85bf396c067679cb6c312a1a34498db 2008.0/SRPMS/opensc-0.11.3-2.2mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: ff3a14e7ceb98e30edfd56443c0829d0 2008.0/x86_64/lib64opensc2-0.11.3-2.2mdv2008.0.x86_64.rpm 9ffad75feeeb3e9edf4ea7c0a3123ec9 2008.0/x86_64/lib64opensc-devel-0.11.3-2.2mdv2008.0.x86_64.rpm 9134f93d7faeaa3d672e42d107068fbc 2008.0/x86_64/mozilla-plugin-opensc-0.11.3-2.2mdv2008.0.x86_64.rpm 23660b061c276ec1ed2a77c60a191229 2008.0/x86_64/opensc-0.11.3-2.2mdv2008.0.x86_64.rpm c85bf396c067679cb6c312a1a34498db 2008.0/SRPMS/opensc-0.11.3-2.2mdv2008.0.src.rpm Mandriva Linux 2008.1: 8cb99452e878b5f371f592f22e28f12d 2008.1/i586/libopensc2-0.11.3-2.2mdv2008.1.i586.rpm f3112256e1fa360eb29e890b530d73dd 2008.1/i586/libopensc-devel-0.11.3-2.2mdv2008.1.i586.rpm 70747b6fefb3792e7ef43c99b3e6fd76 2008.1/i586/mozilla-plugin-opensc-0.11.3-2.2mdv2008.1.i586.rpm f816da7b83e65909776040c9ae93a456 2008.1/i586/opensc-0.11.3-2.2mdv2008.1.i586.rpm 028a72bb7eeb49cbd8b5af3f80bdcecc 2008.1/SRPMS/opensc-0.11.3-2.2mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 839774a8b6765ef0a1db6a80187e44cc 2008.1/x86_64/lib64opensc2-0.11.3-2.2mdv2008.1.x86_64.rpm 1292b5f9b985155c45d017c9d491d979 2008.1/x86_64/lib64opensc-devel-0.11.3-2.2mdv2008.1.x86_64.rpm 18b47407a2ef4e0bda7c79eef0055ba3 2008.1/x86_64/mozilla-plugin-opensc-0.11.3-2.2mdv2008.1.x86_64.rpm 92489f4d1be33ac711de922e84f5847d 2008.1/x86_64/opensc-0.11.3-2.2mdv2008.1.x86_64.rpm 028a72bb7eeb49cbd8b5af3f80bdcecc 2008.1/SRPMS/opensc-0.11.3-2.2mdv2008.1.src.rpm Mandriva Linux 2009.0: 3c873d88bfc728f3c6e566bb27caa60a 2009.0/i586/libopensc2-0.11.7-0.1mdv2009.0.i586.rpm 12259488d9315c8e9a85e38259b3e4ae 2009.0/i586/libopensc-devel-0.11.7-0.1mdv2009.0.i586.rpm 543095148af4a557a7e4c8f0674cb651 2009.0/i586/mozilla-plugin-opensc-0.11.7-0.1mdv2009.0.i586.rpm b97aa305b656629979bf64aea14bb595 2009.0/i586/opensc-0.11.7-0.1mdv2009.0.i586.rpm 391234fd292dbbe9c9cf0bae990ca961 2009.0/SRPMS/opensc-0.11.7-0.1mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 44a05f6ad6ff9913422b1fdb79c61745 2009.0/x86_64/lib64opensc2-0.11.7-0.1mdv2009.0.x86_64.rpm 33960dc36d0db21e71ce6693fb52915e 2009.0/x86_64/lib64opensc-devel-0.11.7-0.1mdv2009.0.x86_64.rpm 37aa2c61aa7ff43e9a0d48d69e082169 2009.0/x86_64/mozilla-plugin-opensc-0.11.7-0.1mdv2009.0.x86_64.rpm 6b906a1e884c002eb91cb744b1c70290 2009.0/x86_64/opensc-0.11.7-0.1mdv2009.0.x86_64.rpm 391234fd292dbbe9c9cf0bae990ca961 2009.0/SRPMS/opensc-0.11.7-0.1mdv2009.0.src.rpm Corporate 4.0: 710b784731ba6ce9e2f7474d5190a864 corporate/4.0/i586/libopensc2-0.10.1-2.2.20060mlcs4.i586.rpm 68cbe67c1a03defb2f0e80aa738b808e corporate/4.0/i586/libopensc2-devel-0.10.1-2.2.20060mlcs4.i586.rpm 5735d95135f72f10f0e26453afd25080 corporate/4.0/i586/mozilla-plugin-opensc-0.10.1-2.2.20060mlcs4.i586.rpm 91502589d130ad3b5cb347804286a5da corporate/4.0/i586/opensc-0.10.1-2.2.20060mlcs4.i586.rpm a6db7e426ac61da00de18480b00f360c corporate/4.0/SRPMS/opensc-0.10.1-2.2.20060mlcs4.src.rpm Corporate 4.0/X86_64: 4d17dddf9cf837593ded74d5707e6227 corporate/4.0/x86_64/lib64opensc2-0.10.1-2.2.20060mlcs4.x86_64.rpm 88cd0ade0e38454db2aad29a19ba9418 corporate/4.0/x86_64/lib64opensc2-devel-0.10.1-2.2.20060mlcs4.x86_64.rpm 33732581d211c93a5793e860222b7042 corporate/4.0/x86_64/mozilla-plugin-opensc-0.10.1-2.2.20060mlcs4.x86_64.rpm 41c99e7b2d5d6da50872aedb1d5b3501 corporate/4.0/x86_64/opensc-0.10.1-2.2.20060mlcs4.x86_64.rpm a6db7e426ac61da00de18480b00f360c corporate/4.0/SRPMS/opensc-0.10.1-2.2.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFJ3n4AmqjQ0CJFipgRAv5sAJ904FF0NsEQBEum8/vpzfTKtfxTEgCgvSwi KP+gV5439hIBiqh2qQi8gVg=TJ3g -----END PGP SIGNATURE-----