UbuntuUpdates.org

Package "oath-toolkit"

Name: oath-toolkit

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • OATH Toolkit libpam_oath PAM module
  • OATH Toolkit oathtool command line tool
  • OATH Toolkit pskctool command line tool

Latest version: 2.6.11-3ubuntu1
Release: oracular (24.10)
Level: updates
Repository: universe

Links



Other versions of "oath-toolkit" in Oracular

Repository Area Version
base universe 2.6.11-3
base main 2.6.11-3
security main 2.6.11-3ubuntu1
security universe 2.6.11-3ubuntu1
updates main 2.6.11-3ubuntu1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.6.11-3ubuntu1 2024-10-17 17:06:46 UTC

  oath-toolkit (2.6.11-3ubuntu1) oracular; urgency=medium

  * SECURITY UPDATE: root escalation in liboath-pam
    - debian/patches/use-fopen-gnu.patch: use gnulib's fopen-gnu
      for cross-platform fopen
    - debian/patches/improve-liboath-usersfile-writing.patch: improve
      liboath usersfile write handling
    - debian/patches/pam_oath-seteuid.patch: drop privs to user when
      usersfile contains ${HOME}
    - CVE-2024-47191
  * Add execute_before_dh_auto_build to debian/rules to prevent man
      pages regenerating

 -- Julia Sarris <email address hidden> Wed, 16 Oct 2024 12:11:17 -0400

CVE-2024-47191 pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root,



About   -   Send Feedback to @ubuntu_updates