Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2017-0026)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2017.0026

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2017-0026)

Zusammenfassung: The remote host is missing an update for the 'pcsc-lite' package(s) announced via the MGASA-2017-0026 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'pcsc-lite' package(s) announced via the MGASA-2017-0026 advisory.

Vulnerability Insight:
Once MSGRemoveContext is invoked (via SCARD_RELEASE_CONTEXT), cardsList
is freed. A repeated invocation of SCARD_RELEASE_CONTEXT (with an empty
context handle) results in a use-after-free followed by a double-free.

After MSGRemoveContext, invocation of SCardEstablishContext enable
further use-after-free of cardsList in MSGCheckHandleAssociation,
MSGRemoveContext, MSGAddHandle, MSGRemoveHandle.

To avoid this problem, destroy the list only when the client connection
is terminated. (CVE-2016-10109)

Affected Software/OS:
'pcsc-lite' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-10109
BugTraq ID: 95263
http://www.securityfocus.com/bid/95263
Debian Security Information: DSA-3752 (Google Search)
http://www.debian.org/security/2017/dsa-3752
https://security.gentoo.org/glsa/201702-01
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
http://www.openwall.com/lists/oss-security/2017/01/03/3
https://lists.alioth.debian.org/pipermail/pcsclite-muscle/Week-of-Mon-20161226/000779.html
http://www.ubuntu.com/usn/USN-3176-1

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2017.0026
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2017-0026)
Zusammenfassung:	The remote host is missing an update for the 'pcsc-lite' package(s) announced via the MGASA-2017-0026 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'pcsc-lite' package(s) announced via the MGASA-2017-0026 advisory. Vulnerability Insight: Once MSGRemoveContext is invoked (via SCARD_RELEASE_CONTEXT), cardsList is freed. A repeated invocation of SCARD_RELEASE_CONTEXT (with an empty context handle) results in a use-after-free followed by a double-free. After MSGRemoveContext, invocation of SCardEstablishContext enable further use-after-free of cardsList in MSGCheckHandleAssociation, MSGRemoveContext, MSGAddHandle, MSGRemoveHandle. To avoid this problem, destroy the list only when the client connection is terminated. (CVE-2016-10109) Affected Software/OS: 'pcsc-lite' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-10109 BugTraq ID: 95263 http://www.securityfocus.com/bid/95263 Debian Security Information: DSA-3752 (Google Search) http://www.debian.org/security/2017/dsa-3752 https://security.gentoo.org/glsa/201702-01 https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E http://www.openwall.com/lists/oss-security/2017/01/03/3 https://lists.alioth.debian.org/pipermail/pcsclite-muscle/Week-of-Mon-20161226/000779.html http://www.ubuntu.com/usn/USN-3176-1
Copyright	Copyright (C) 2022 Greenbone AG