Your message dated Mon, 27 Dec 2010 02:00:41 +0000
with message-id <[email protected]>
and subject line Bug#607427: fixed in opensc 0.11.4-5+lenny1.1
has caused the Debian Bug report #607427,
regarding libopensc: CVE-2010-4523: buffer overflow from rogue cards
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
607427: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607427
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: opensc
Version: 0.11.13-1
Severity: grave
Tags: patch security
Justification: user security hole
User: [email protected]
Usertags: origin-ubuntu natty ubuntu-patch



In Ubuntu, the attached patch was applied to achieve the following:

  * SECURITY UPDATE: specially crafted cards may be able to execute code.
    - debian/patches/min-max.patch: Add MIN and MAX macros for last patch
    - debian/patches/buffer-overflow.patch: Fix potential buffer overflow
      by rogue cards. (LP: #692483)

These are upstream changesets:
https://www.opensc-project.org/opensc/changeset/4912
https://www.opensc-project.org/opensc/changeset/4913

This was originally submitted as an Ubuntu bug in:
https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483

This does not currently have a CVE assigned. Thanks for considering the patch.


-- System Information:
Debian Release: squeeze/sid
  APT prefers natty-updates
  APT policy: (500, 'natty-updates'), (500, 'natty-security'), (500, 'natty')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.37-10-generic (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru opensc-0.11.13/debian/changelog opensc-0.11.13/debian/changelog
diff -Nru opensc-0.11.13/debian/patches/buffer-overflow.patch opensc-0.11.13/debian/patches/buffer-overflow.patch
--- opensc-0.11.13/debian/patches/buffer-overflow.patch	1969-12-31 18:00:00.000000000 -0600
+++ opensc-0.11.13/debian/patches/buffer-overflow.patch	2010-12-21 08:02:31.000000000 -0600
@@ -0,0 +1,48 @@
+## Description: Fix buffer overflow
+## Origin: upstream, https://www.opensc-project.org/opensc/changeset/4913
+## Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483
+Index: opensc-0.11.13/src/libopensc/card-acos5.c
+===================================================================
+--- opensc-0.11.13.orig/src/libopensc/card-acos5.c	2010-12-21 09:50:31.963758002 +0100
++++ opensc-0.11.13/src/libopensc/card-acos5.c	2010-12-21 09:50:28.265608001 +0100
+@@ -140,8 +140,8 @@
+ 	/*
+ 	 * Cache serial number.
+ 	 */
+-	memcpy(card->serialnr.value, apdu.resp, apdu.resplen);
+-	card->serialnr.len = apdu.resplen;
++	memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR)); 
++ 	       card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR); 
+ 
+ 	/*
+ 	 * Copy and return serial number.
+Index: opensc-0.11.13/src/libopensc/card-atrust-acos.c
+===================================================================
+--- opensc-0.11.13.orig/src/libopensc/card-atrust-acos.c	2010-12-21 09:50:31.903788002 +0100
++++ opensc-0.11.13/src/libopensc/card-atrust-acos.c	2010-12-21 09:50:28.265608001 +0100
+@@ -853,8 +853,8 @@
+ 	if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00)
+ 		return SC_ERROR_INTERNAL;
+ 	/* cache serial number */
+-	memcpy(card->serialnr.value, apdu.resp, apdu.resplen);
+-	card->serialnr.len = apdu.resplen;
++	memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR)); 
++ 	card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR); 
+ 	/* copy and return serial number */
+ 	memcpy(serial, &card->serialnr, sizeof(*serial));
+ 	return SC_SUCCESS;
+Index: opensc-0.11.13/src/libopensc/card-starcos.c
+===================================================================
+--- opensc-0.11.13.orig/src/libopensc/card-starcos.c	2010-12-21 09:50:32.043718002 +0100
++++ opensc-0.11.13/src/libopensc/card-starcos.c	2010-12-21 09:50:28.265608001 +0100
+@@ -1289,8 +1289,8 @@
+ 	if (apdu.sw1 != 0x90 || apdu.sw2 != 0x00)
+ 		return SC_ERROR_INTERNAL;
+ 	/* cache serial number */
+-	memcpy(card->serialnr.value, apdu.resp, apdu.resplen);
+-	card->serialnr.len = apdu.resplen;
++	memcpy(card->serialnr.value, apdu.resp, MIN(apdu.resplen, SC_MAX_SERIALNR)); 
++	card->serialnr.len = MIN(apdu.resplen, SC_MAX_SERIALNR); 
+ 	/* copy and return serial number */
+ 	memcpy(serial, &card->serialnr, sizeof(*serial));
+ 	return SC_SUCCESS;
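
Review bot: in all three drivers (card-acos5.c, card-atrust-acos.c, card-starcos.c) the new `MIN(apdu.resplen, SC_MAX_SERIALNR)` clamp silently truncates an over-long response and then caches the truncated bytes as the card's serial number. A response longer than the limit is malformed input from the card, so I would rather reject it, for example with the `return SC_ERROR_INTERNAL;` that card-atrust-acos.c and card-starcos.c already use for a bad status word just above. If truncation is intended, compute the clamped length once into a local and use it for both the `memcpy` and `card->serialnr.len`, so the two cannot drift apart. The hunks also do not show that `card->serialnr.value` really holds SC_MAX_SERIALNR bytes; bounding by `sizeof(card->serialnr.value)` would tie the limit to the buffer itself. Minor: the added lines carry trailing whitespace, and the second added line in card-acos5.c has stray indentation after the `+`.
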
diff -Nru opensc-0.11.13/debian/patches/min-max.patch opensc-0.11.13/debian/patches/min-max.patch
--- opensc-0.11.13/debian/patches/min-max.patch	1969-12-31 18:00:00.000000000 -0600
+++ opensc-0.11.13/debian/patches/min-max.patch	2010-12-21 08:02:31.000000000 -0600
@@ -0,0 +1,39 @@
+## Description: Add MIN and MAX macros for buffer overflow patch
+## Origin: upstream, https://www.opensc-project.org/opensc/changeset/4912
+## Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/692483
+Index: opensc-0.11.13/src/libopensc/internal.h
+===================================================================
+--- opensc-0.11.13.orig/src/libopensc/internal.h	2010-12-21 09:51:32.763343000 +0100
++++ opensc-0.11.13/src/libopensc/internal.h	2010-12-21 09:51:29.894778002 +0100
+@@ -48,6 +48,13 @@
+ #else
+ #define msleep(t)	Sleep(t)
+ #define sleep(t)	Sleep((t) * 1000)
++#endif 
++
++#ifndef MAX 
++#define MAX(x, y) (((x) > (y)) ? (x) : (y)) 
++#endif 
++#ifndef MIN 
++#define MIN(x, y) (((x) < (y)) ? (x) : (y)) 
+ #endif
+ 
+ struct sc_atr_table {
+Index: opensc-0.11.13/src/libopensc/muscle.c
+===================================================================
+--- opensc-0.11.13.orig/src/libopensc/muscle.c	2010-12-21 09:51:32.693378000 +0100
++++ opensc-0.11.13/src/libopensc/muscle.c	2010-12-21 09:51:29.894778002 +0100
+@@ -28,13 +28,6 @@
+ #define MSC_DSA_PUBLIC		0x04
+ #define MSC_DSA_PRIVATE 	0x05
+ 
+-#ifndef MAX
+-#define MAX(x, y) (((x) > (y)) ? (x) : (y))
+-#endif
+-#ifndef MIN
+-#define MIN(x, y) (((x) < (y)) ? (x) : (y))
+-#endif
+-
+ static msc_id inputId = { { 0xFF, 0xFF, 0xFF, 0xFF } };
+ static msc_id outputId = { { 0xFF, 0xFF, 0xFF, 0xFE } };
+ 
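
Review bot: the MIN and MAX macros moved into internal.h evaluate each argument twice, and now that they are visible to every file that includes this header, that deserves a one-line comment next to the definitions warning against arguments with side effects. Because both are wrapped in `#ifndef`, any MIN or MAX defined before internal.h is included is used instead of these, which is worth stating in the same comment. In the internal.h hunk the added `#endif` closes the earlier conditional block and the pre-existing `#endif` is reused to close `#ifndef MIN`; the result is balanced but hard to read in the diff, and the added lines have trailing whitespace.
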
diff -Nru opensc-0.11.13/debian/patches/series opensc-0.11.13/debian/patches/series
--- opensc-0.11.13/debian/patches/series	2010-12-20 08:52:25.000000000 -0600
+++ opensc-0.11.13/debian/patches/series	2010-12-21 08:02:31.000000000 -0600
@@ -1,3 +1,5 @@
 debian-changes
 fix-storing-key-on-entersafe
 missing-libs.patch
+buffer-overflow.patch
+min-max.patch
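
Review bot: buffer-overflow.patch is listed before min-max.patch, yet it uses the MIN macro that min-max.patch moves into internal.h. Applied in this order, the tree after buffer-overflow.patch alone may not compile for card-acos5.c, card-atrust-acos.c and card-starcos.c, which makes bisecting or dropping a single patch harder. Swap the two added lines so that min-max.patch comes first.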

--- End Message ---
--- Begin Message ---
Source: opensc
Source-Version: 0.11.4-5+lenny1.1

We believe that the bug you reported is fixed in the latest version of
opensc, which is due to be installed in the Debian FTP archive:

libopensc2-dbg_0.11.4-5+lenny1.1_amd64.deb
  to main/o/opensc/libopensc2-dbg_0.11.4-5+lenny1.1_amd64.deb
libopensc2-dev_0.11.4-5+lenny1.1_amd64.deb
  to main/o/opensc/libopensc2-dev_0.11.4-5+lenny1.1_amd64.deb
libopensc2_0.11.4-5+lenny1.1_amd64.deb
  to main/o/opensc/libopensc2_0.11.4-5+lenny1.1_amd64.deb
mozilla-opensc_0.11.4-5+lenny1.1_amd64.deb
  to main/o/opensc/mozilla-opensc_0.11.4-5+lenny1.1_amd64.deb
opensc_0.11.4-5+lenny1.1.diff.gz
  to main/o/opensc/opensc_0.11.4-5+lenny1.1.diff.gz
opensc_0.11.4-5+lenny1.1.dsc
  to main/o/opensc/opensc_0.11.4-5+lenny1.1.dsc
opensc_0.11.4-5+lenny1.1_amd64.deb
  to main/o/opensc/opensc_0.11.4-5+lenny1.1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonathan Wiltshire <[email protected]> (supplier of updated opensc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


Format: 1.8
Date: Wed, 22 Dec 2010 15:32:16 +0000
Source: opensc
Binary: opensc libopensc2-dev libopensc2 libopensc2-dbg mozilla-opensc
Architecture: source amd64
Version: 0.11.4-5+lenny1.1
Distribution: stable
Urgency: high
Maintainer: Eric Dorland <[email protected]>
Changed-By: Jonathan Wiltshire <[email protected]>
Description: 
 libopensc2 - SmartCard library with support for PKCS#15 compatible smart cards
 libopensc2-dbg - debugging symbols for libopensc2
 libopensc2-dev - OpenSC development files
 mozilla-opensc - Mozilla plugin for authentication using OpenSC
 opensc     - SmartCard utilities with support for PKCS#15 compatible cards
Closes: 607427
Changes: 
 opensc (0.11.4-5+lenny1.1) stable; urgency=high
 .
   * Non-maintainer upload.
   * CVE-2010-4523: Protect against buffer overflow from rogue cards
     (closes: #607427)



--- End Message ---
