From 421958ec46d31d1594fd9efe65adf96f05049261 Mon Sep 17 00:00:00 2001 From: junovitch Date: Tue, 10 Jan 2017 03:13:52 +0000 Subject: Mention pcsc-lite CVE (it was in next message in cited URL) While here, fix spacing PR: 215834 --- security/vuxml/vuln.xml | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index e13896ffacab..2f435c68338c 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -273,29 +273,30 @@ Notes: Use-After-Free Vulnerability in pcsc-lite - pcsc-lite - 1.6.01.8.20 + pcsc-lite + 1.6.01.8.20 -

Peter Wu on Openwall mailing-list reports:

-
-

The issue allows a local attacker to cause a Denial of Service, - but can potentially result in Privilege Escalation since - the daemon is running as root. while any local user can - connect to the Unix socket. - Fixed by patch which is released with hpcsc-lite 1.8.20.

-
+

Peter Wu on Openwall mailing-list reports:

+
+

The issue allows a local attacker to cause a Denial of Service, + but can potentially result in Privilege Escalation since + the daemon is running as root. while any local user can + connect to the Unix socket. + Fixed by patch which is released with hpcsc-lite 1.8.20.

+
+ CVE-2016-10109 http://www.openwall.com/lists/oss-security/2017/01/03/2 2017-01-03 2017-01-06 - 2017-01-09 + 2017-01-10 -- cgit