[ubuntu/bionic-security] yubico-piv-tool 1.4.2-2ubuntu0.1 (Accepted)
Mike Salvatore
mike.salvatore at canonical.com
Tue Feb 11 13:00:31 UTC 2020
yubico-piv-tool (1.4.2-2ubuntu0.1) bionic-security; urgency=medium
* SECURITY UPDATE: Improper bounds checking leading to buffer overflow and
out-of-bounds read
- debian/patches/CVE-2018-14779: in ykpiv_transfer_data() handle overflow
by exiting
- debian/patches/CVE-2018-14780: in ykpiv_fetch_object() handle bogus
length by returning
- CVE-2018-14779
- CVE-2018-14780
Date: 2020-02-10 13:52:29.046365+00:00
Changed-By: Mike Salvatore <mike.salvatore at canonical.com>
https://launchpad.net/ubuntu/+source/yubico-piv-tool/1.4.2-2ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list