Описание
Security update for pcsc-lite
pcsc-lite was updated to fix one security issue.
This security issue was fixed:
- CVE-2016-10109: This use-after-free and double-free issue allowed local attacker to cause a Denial of Service and possible privilege escalation (bsc#1017902).
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
libpcsclite1-1.8.10-6.1
libpcsclite1-32bit-1.8.10-6.1
pcsc-lite-1.8.10-6.1
SUSE Linux Enterprise Server 12 SP1
libpcsclite1-1.8.10-6.1
pcsc-lite-1.8.10-6.1
SUSE Linux Enterprise Server 12 SP2
libpcsclite1-1.8.10-6.1
pcsc-lite-1.8.10-6.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
libpcsclite1-1.8.10-6.1
pcsc-lite-1.8.10-6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
libpcsclite1-1.8.10-6.1
pcsc-lite-1.8.10-6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libpcsclite1-1.8.10-6.1
pcsc-lite-1.8.10-6.1
SUSE Linux Enterprise Software Development Kit 12 SP2
libpcscspy0-1.8.10-6.1
pcsc-lite-devel-1.8.10-6.1
SUSE Linux Enterprise Workstation Extension 12 SP1
libpcsclite1-32bit-1.8.10-6.1
SUSE Linux Enterprise Workstation Extension 12 SP2
libpcsclite1-32bit-1.8.10-6.1
Ссылки
- Link for SUSE-SU-2017:0286-1
- E-Mail link for SUSE-SU-2017:0286-1
- SUSE Security Ratings
- SUSE Bug 1017902
- SUSE CVE CVE-2016-10109 page
Описание
Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remote attackers to cause denial of service (crash) via a command that uses "cardsList" after the handle has been released through the SCardReleaseContext function.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:libpcsclite1-1.8.10-6.1
SUSE Linux Enterprise Desktop 12 SP2:libpcsclite1-32bit-1.8.10-6.1
SUSE Linux Enterprise Desktop 12 SP2:pcsc-lite-1.8.10-6.1
SUSE Linux Enterprise Server 12 SP1:libpcsclite1-1.8.10-6.1
Ссылки
- CVE-2016-10109
- SUSE Bug 1017902