UbuntuUpdates.org

Package "yubico-piv-tool"

Name: yubico-piv-tool

Description:

Command line tool for the YubiKey PIV applet

Latest version: 1.4.2-2ubuntu0.1
Release: bionic (18.04)
Level: security
Repository: universe
Homepage: https://developers.yubico.com/yubico-piv-tool/

Links


Download "yubico-piv-tool"


Other versions of "yubico-piv-tool" in Bionic

Repository Area Version
base universe 1.4.2-2
updates universe 1.4.2-2ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.4.2-2ubuntu0.1 2020-02-11 15:06:26 UTC

  yubico-piv-tool (1.4.2-2ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Improper bounds checking leading to buffer overflow and
    out-of-bounds read
    - debian/patches/CVE-2018-14779: in ykpiv_transfer_data() handle overflow
      by exiting
    - debian/patches/CVE-2018-14780: in ykpiv_fetch_object() handle bogus
      length by returning
    - CVE-2018-14779
    - CVE-2018-14780

 -- Mike Salvatore <email address hidden> Thu, 06 Feb 2020 17:13:56 -0500

CVE-2018-14779 A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `yk
CVE-2018-14780 An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function



About   -   Send Feedback to @ubuntu_updates