=========================================================================Ubuntu Security Notice USN-4276-1
February 11, 2020

Yubico PIV Tool vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

Yubico PIV Tool could be made to crash or run programs as an administrator if it
received specially crafted input.

Software Description:
- yubico-piv-tool: Command line tool for the YubiKey PIV applet

Details:

It was discovered that libykpiv, a supporting library of the Yubico PIV
Tool and YubiKey PIV Manager, mishandled specially crafted input. An
attacker with a custom-made, malicious USB device could potentially execute
arbitrary code on a computer running the Yubico PIV Tool or Yubikey PIV
Manager.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  libykpiv1                       1.4.2-2ubuntu0.1
  ykcs11                          1.4.2-2ubuntu0.1
  yubico-piv-tool                 1.4.2-2ubuntu0.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4276-1
  CVE-2018-14779, CVE-2018-14780

Package Information:
  https://launchpad.net/ubuntu/+source/yubico-piv-tool/1.4.2-2ubuntu0.1

Ubuntu 4276-1: Yubico PIV Tool vulnerabilities

February 11, 2020
Yubico PIV Tool could be made to crash or run programs as an administrator if it received specially crafted input.

Summary

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: libykpiv1 1.4.2-2ubuntu0.1 ykcs11 1.4.2-2ubuntu0.1 yubico-piv-tool 1.4.2-2ubuntu0.1 After a standard system update you need to reboot your computer to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4276-1

CVE-2018-14779, CVE-2018-14780

Severity
February 11, 2020

Package Information

https://launchpad.net/ubuntu/+source/yubico-piv-tool/1.4.2-2ubuntu0.1

Related News

News

Powered By

Footer Logo

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

Powered By

Footer Logo