Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Ubuntu 18.04: USN-4276-1 Critical: Yubico PIV Tool Input Flaws

ubuntu
Calendar Grey February 11, 2020
Dist Ubuntu Esm H88
Yubico PIV Tool weaknesses might lead to system crashes or unauthorized administrative access on Ubuntu platforms. An update is advised.
Yubico PIV Tool could be made to crash or run programs as an administrator if it received specially crafted input.

Summary

Yubico PIV Tool could be made to crash or run programs as an administrator if it

received specially crafted input.

Software Description:

- yubico-piv-tool: Command line tool for the YubiKey PIV applet

Details:

It was discovered that libykpiv, a supporting library of the Yubico PIV

Tool and YubiKey PIV Manager, mishandled specially crafted input. An

attacker with a custom-made, malicious USB device could potentially execute

arbitrary code on a computer running the Yubico PIV Tool or Yubikey PIV

Manager.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  libykpiv1                       1.4.2-2ubuntu0.1
  ykcs11                          1.4.2-2ubuntu0.1
  yubico-piv-tool                 1.4.2-2ubuntu0.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4276-1

CVE-2018-14779, CVE-2018-14780

Severity
critical
Lowest
Low
Medium
High
Critical

February 11, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here