UbuntuUpdates.org

Package "oath-toolkit"

Name: oath-toolkit

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Development files for the OATH Toolkit Liboath library
  • OATH Toolkit Liboath library
  • Development files for the OATH Toolkit Libpskc library
  • OATH Toolkit Libpskc library
Latest version: 2.6.11-3ubuntu1
Release: oracular (24.10)
Level: security
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "oath-toolkit" in Oracular

Repository Area Version
base universe 2.6.11-3
base main 2.6.11-3
security universe 2.6.11-3ubuntu1
updates main 2.6.11-3ubuntu1
updates universe 2.6.11-3ubuntu1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.6.11-3ubuntu1 2024-10-17 16:06:48 UTC

  oath-toolkit (2.6.11-3ubuntu1) oracular; urgency=medium

  * SECURITY UPDATE: root escalation in liboath-pam
    - debian/patches/use-fopen-gnu.patch: use gnulib's fopen-gnu
      for cross-platform fopen
    - debian/patches/improve-liboath-usersfile-writing.patch: improve
      liboath usersfile write handling
    - debian/patches/pam_oath-seteuid.patch: drop privs to user when
      usersfile contains ${HOME}
    - CVE-2024-47191
  * Add execute_before_dh_auto_build to debian/rules to prevent man
      pages regenerating

 -- Julia Sarris <email address hidden> Wed, 16 Oct 2024 12:11:17 -0400
CVE-2024-47191 pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root,


About   -   Send Feedback to @ubuntu_updates