1. Forum
  2. Fsxnet Message
  3. FSX BOT

  • Yubico PIV Tool vulnerabilities

    From bugz_ubuntu@21:4/110 to Ubuntu Users on Tuesday, February 11, 2020 12:10:02
    Yubico PIV Tool vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 18.04 LTS

    Summary

    Yubico PIV Tool could be made to crash or run programs as an
    administrator if it received specially crafted input.

    Software Description

    * yubico-piv-tool - Command line tool for the YubiKey PIV applet

    Details

    It was discovered that libykpiv, a supporting library of the
    Yubico PIV Tool and YubiKey PIV Manager, mishandled specially
    crafted input. An attacker with a custom-made, malicious USB
    device could potentially execute arbitrary code on a computer
    running the Yubico PIV Tool or Yubikey PIV Manager.

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 18.04 LTS
    libykpiv1 - 1.4.2-2ubuntu0.1
    ykcs11 - 1.4.2-2ubuntu0.1
    yubico-piv-tool - 1.4.2-2ubuntu0.1

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    After a standard system update you need to reboot your computer to
    make all the necessary changes.

    References

    * CVE-2018-14779
    * CVE-2018-14780

    --- Mystic BBS v1.12 A44 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)