USN-7059-1: OATH Toolkit vulnerability
9 October 2024
oath-toolkit could be made overwrite files as the administrator.
Releases
Packages
- oath-toolkit - Development files for the OATH Toolkit Liboath library
Details
Fabian Vogt discovered that OATH Toolkit incorrectly handled file
permissions. A remote attacker could possibly use this issue to
overwrite root owned files, leading to a privilege escalation attack.
(CVE-2024-47191)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 24.04
Ubuntu 22.04
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-7059-2: liboath-dev, libpam-oath, oath-toolkit, libpskc-dev, liboath0t64, oathtool, libpskc0t64, pskctool