Low CentOS ccid Update


ccid-1.3.9-6.el6.i686.rpm, ccid-1.3.9-6.el6.src.rpm, ccid-1.3.9-6.el6.x86_64.rpm
rhn.redhat.com, lists.centos.org, lists.centos.org
2018-01-18 11:05
2017-07-27 19:05
2017-04-01 19:06
2017-01-05 20:10


An updated ccid package that fixes one security issue and one bug are now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Chip/Smart Card Interface Devices (CCID) is a USB smart card reader
standard followed by most modern smart card readers. The ccid package
provides a Generic, USB-based CCID driver for readers, which follow this

An integer overflow, leading to an array index error, was found in the way
the CCID driver processed a smart card's serial number. A local attacker
could use this flaw to execute arbitrary code with the privileges of the
user running the PC/SC Lite pcscd daemon (root, by default), by inserting a
specially-crafted smart card. (CVE-2010-4530)

This update also fixes the following bug:

* Previously, CCID only recognized smart cards with 5V power supply. With
this update, CCID also supports smart cards with different power supply.

All users of ccid are advised to upgrade to this updated package, which
contains backported patches to correct these issues.
Please see https://www.redhat.com/footer/terms-of-use.html

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
6 ccid ccid-1.3.9-6.el6.i686.rpm
ccid ccid-1.3.9-6.el6.src.rpm
ccid ccid-1.3.9-6.el6.x86_64.rpm