USN-7059-2: OATH Toolkit vulnerability
17 October 2024
OATH Toolkit could be made to overwrite files as the administrator.
Releases
Packages
- oath-toolkit - Development files for the OATH Toolkit Liboath library
Details
USN-7059-1 fixed a vulnerability in OATH Toolkit library. This
update provides the corresponding update for Ubuntu 24.10.
Original advisory details:
Fabian Vogt discovered that OATH Toolkit incorrectly handled file
permissions. A remote attacker could possibly use this issue to
overwrite root owned files, leading to a privilege escalation attack.
(CVE-2024-47191)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 24.10
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-7059-1: libpam-oath, liboath0t64, liboath0, libpskc0t64, oath-toolkit, oathtool, pskctool, libpskc-dev, liboath-dev, libpskc0