[ubuntu/jammy-security] oath-toolkit 2.6.7-3ubuntu0.1 (Accepted)

Leonidas S. Barbosa leo.barbosa at canonical.com
Wed Oct 9 13:50:59 UTC 2024


oath-toolkit (2.6.7-3ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: root escalation in liboath-pam
    - debian/patches/use-fopen-gnu.patch: use gnulib's fopen-gnu
      for cross-platform fopen
    - debian/patches/improve-liboath-usersfile-writing.patch: improve
      liboath usersfile write handling
    - debian/patches/pam_oath-seteuid.patch: drop privs to user when
      usersfile contains ${HOME}
    - CVE-2024-47191
  * Add execute_before_dh_auto_build to debian/rules to prevent man
      pages regenerating

Date: 2024-10-08 15:24:19.662499+00:00
Changed-By: Julia Sarris <julia.sarris at canonical.com>
Signed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/oath-toolkit/2.6.7-3ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the jammy-changes mailing list