You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa Yubico PIV Tool

Sigurnosni nedostaci programskog paketa Yubico PIV Tool

==========================================================================
Ubuntu Security Notice USN-4276-1
February 11, 2020

Yubico PIV Tool vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.04 LTS

Summary:

Yubico PIV Tool could be made to crash or run programs as an administrator if it
received specially crafted input.

Software Description:
– yubico-piv-tool: Command line tool for the YubiKey PIV applet

Details:

It was discovered that libykpiv, a supporting library of the Yubico PIV
Tool and YubiKey PIV Manager, mishandled specially crafted input. An
attacker with a custom-made, malicious USB device could potentially execute
arbitrary code on a computer running the Yubico PIV Tool or Yubikey PIV
Manager.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
libykpiv1 1.4.2-2ubuntu0.1
ykcs11 1.4.2-2ubuntu0.1
yubico-piv-tool 1.4.2-2ubuntu0.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://usn.ubuntu.com/4276-1
CVE-2018-14779, CVE-2018-14780

Package Information:
https://launchpad.net/ubuntu/+source/yubico-piv-tool/1.4.2-2ubuntu0.1

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEwZbe96kJeWh2OITRdyg1Qz0oXX0FAl5Cy8EACgkQdyg1Qz0o
XX0NWQ/7BrBJ4nlTarRtjSIihzeuc86N7HAafvW11OXoZ4M60rWeNfCfvxOe+PfJ
kLLFEc7SU4wRx+g15wggWkRFechyUipSyLv0q/slqRv+QnJi6gJihVwU4kKn0j7V
EpFZKpZKg2tx5kNqLWXoRDijh6Cj0w+P9U6JPZ9n/y8XVZg/WugtpZYhwoPNfz2u
X4mEjqnJyZfvKaAVSUeZRCAP+Yt+1D1zeMLz21Acp3/r07NqOXrvr/84+27zQ+3e
TIPQ+IsVdV93R80JbCzuOm+K4LfI+xcUQqmSh8MU0UuiKu1o1J6yjuxKr2/wbt0m
IcO3VmcOf3FiT0uZGwo0z1T0UQZHctF/nABGqvpqB80Knl2NM+rKyht5KH3R/ubw
O0S4AHjfXIa14hQESiXebju33qO5aqV3qyZaqVQykfQd0Hh2YS6TTqvSQIeIYvLD
1jyV5JUucFl5xFqd0BxLN188wTEKf7CziQgQkIyDre59C30tFMN7L3jSkvFHPbL7
7VPxlJbvvygYAYeDDBMlX04oMXPbun+JfQdrWiq6RckbkxYSmsnr1hMEgPJdTtap
1gVplVogJ+J5mWZFQHhPJBuz+JPULTtgcSJQWZVbS+t0MHB/d68ImIBrpT0pFEw8
aoft0ZJxSQkzXhA88BtjgpkOU14DcfvKl9022ykd8uyHg0XiZzY=
=zTgn
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostaci programske biblioteke libexif

Otkriveni su sigurnosni nedostaci programske biblioteke libexif za operacijski sustav Ubuntu. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja, izvršavanje...

Close