Bug 20066

Summary: pcsc-lite new security issue CVE-2016-10109
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: herman.viaene, lewyssmith, mageia, sysadmin-bugs
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://lwn.net/Vulnerabilities/710626/
Whiteboard: MGA5-32-OK advisory
Source RPM: pcsc-lite-1.8.16-1.mga6.src.rpm CVE:
Status comment:

Description David Walser 2017-01-03 20:06:35 CET 
A CVE has been assigned for a security issue fixed upstream in pcsc-lite:
http://openwall.com/lists/oss-security/2017/01/03/3

The fix is included in 1.8.20, and the upstream commit to fix the issue is linked in the message above.

Mageia 5 is also affected.
David Walser 2017-01-03 20:06:46 CET

Whiteboard: (none) => MGA5TOO

David Walser 2017-01-05 01:40:05 CET

URL: (none) => https://lwn.net/Vulnerabilities/710626/

Comment 1 Sander Lepik 2017-01-05 12:15:15 CET 
I have uploaded a patched package for Mageia 5 and freeze push request is submitted for cauldron.

I have no idea how to test it.

Suggested advisory:
========================

Updated pcsc-lite packages fix security vulnerability:

Once MSGRemoveContext is invoked (via SCARD_RELEASE_CONTEXT), cardsList is freed. A repeated invocation of SCARD_RELEASE_CONTEXT (with an empty context handle) results in a use-after-free followed by a double-free.

After MSGRemoveContext, invocation of SCardEstablishContext enable further use-after-free of cardsList in MSGCheckHandleAssociation, MSGRemoveContext, MSGAddHandle, MSGRemoveHandle.

To avoid this problem, destroy the list only when the client connection is terminated.

References:
http://openwall.com/lists/oss-security/2017/01/03/3
========================

Updated packages in core/updates_testing:
========================
lib(64)pcsclite-devel-1.8.11-4.1.mga5
pcsc-lite-1.8.11-4.1.mga5
lib(64)pcscspy0-1.8.11-4.1.mga5
pcsc-spy-1.8.11-4.1.mga5
pcsc-lite-doc-1.8.11-4.1.mga5
lib(64)pcsclite1-1.8.11-4.1.mga5

Source RPMs:
pcsc-lite-1.8.11-4.1.mga5.src.rpm

Assignee: mageia => qa-bugs

Nicolas Lécureuil 2017-01-05 14:29:45 CET

CC: (none) => mageia
Version: Cauldron => 5
Whiteboard: MGA5TOO => (none)

Comment 2 Herman Viaene 2017-01-11 16:13:04 CET 
MGA5-32 on AcerD620
No installation issues
Installed additionally beid-middleware from repos and eid-viewer from Belgian government site and the eid-viewer read and displayed my eid (electronic identity) card OK.
Sidenote: I am the someone very gratefull who builds the beid-middleware rpm, and asks very humbly whether she/he could do the same for the eid-viewer.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA5-32-OK

Lewis Smith 2017-01-15 13:15:24 CET

CC: (none) => lewyssmith
Whiteboard: MGA5-32-OK => MGA5-32-OK advisory

Comment 3 Lewis Smith 2017-01-27 12:26:06 CET 
@Herman
Thank you for your authentic test.

Given the specialised nature of this update, and Herman's real-life OK, I am validating it.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 4 Mageia Robot 2017-01-27 21:31:47 CET 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0026.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED