(RHSA-2013:1323) Low: ccid security and bug fix update

Chip/Smart Card Interface Devices (CCID) is a USB smart card reader
standard followed by most modern smart card readers. The ccid package
provides a Generic, USB-based CCID driver for readers, which follow this
standard.

An integer overflow, leading to an array index error, was found in the way
the CCID driver processed a smart card’s serial number. A local attacker
could use this flaw to execute arbitrary code with the privileges of the
user running the PC/SC Lite pcscd daemon (root, by default), by inserting a
specially-crafted smart card. (CVE-2010-4530)

This update also fixes the following bug:

• The pcscd service failed to read from the SafeNet Smart Card 650 v1 when
  it was inserted into a smart card reader. The operation failed with a
  “IFDHPowerICC() PowerUp failed” error message. This was due to the card
  taking a long time to respond with a full Answer To Reset (ATR) request,
  which lead to a timeout, causing the card to fail to power up. This update
  increases the timeout value so that the aforementioned request is processed
  properly, and the card is powered on as expected. (BZ#907821)

All ccid users are advised to upgrade to this updated package, which
contains backported patches to correct these issues.