Yubico PIV Tool could be made to crash or run programs as an administrator if it
received specially crafted input.
Software Description:
- yubico-piv-tool: Command line tool for the YubiKey PIV applet
Details:
It was discovered that libykpiv, a supporting library of the Yubico PIV
Tool and YubiKey PIV Manager, mishandled specially crafted input. An
attacker with a custom-made, malicious USB device could potentially execute
arbitrary code on a computer running the Yubico PIV Tool or Yubikey PIV
Manager.
The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: libykpiv1 1.4.2-2ubuntu0.1 ykcs11 1.4.2-2ubuntu0.1 yubico-piv-tool 1.4.2-2ubuntu0.1 After a standard system update you need to reboot your computer to make all the necessary changes.
https://ubuntu.com/security/notices/USN-4276-1
CVE-2018-14779, CVE-2018-14780
Get the latest Linux and open source security news straight to your inbox.