<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<p>==========================================================================</p>
<div id=":10l" class="a3s aiL ">
Ubuntu Security Notice USN-7059-2<br>
October 17, 2024<br>
<br>
oath-toolkit vulnerability<br>
==============================<wbr>==============================<wbr>==============<br>
<br>
A security issue affects these releases of Ubuntu and its
derivatives:<br>
<br>
- Ubuntu 24.10<br>
<br>
Summary:<br>
<br>
OATH Toolkit could be made to overwrite files as the
administrator.<br>
<br>
Software Description:<br>
- oath-toolkit: Development files for the OATH Toolkit Liboath
library<br>
<br>
Details:<br>
<br>
USN-7059-1 fixed a vulnerability in OATH Toolkit library. This<br>
update provides the corresponding update for Ubuntu 24.10.<br>
<br>
Original advisory details:<br>
<br>
Fabian Vogt discovered that OATH Toolkit incorrectly handled file<br>
permissions. A remote attacker could possibly use this issue to<br>
overwrite root owned files, leading to a privilege escalation
attack.<br>
(CVE-2024-47191)<br>
<br>
Update instructions:<br>
<br>
The problem can be corrected by updating your system to the
following<br>
package versions:<br>
<br>
Ubuntu 24.10<br>
liboath-dev 2.6.11-3ubuntu1<br>
<br>
In general, a standard system update will make all the necessary
changes.<br>
<br>
References:<br>
<a href="https://ubuntu.com/security/notices/USN-7059-2"
rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://ubuntu.com/security/notices/USN-7059-2&source=gmail&ust=1729267404233000&usg=AOvVaw0axMRcWOchLVlp92CBo1lf">https://ubuntu.com/security/no<wbr>tices/USN-7059-2</a><br>
<a href="https://ubuntu.com/security/notices/USN-7059-1"
rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://ubuntu.com/security/notices/USN-7059-1&source=gmail&ust=1729267404233000&usg=AOvVaw1NnYIYij7BP6HBJliewd-P">https://ubuntu.com/security/no<wbr>tices/USN-7059-1</a><br>
CVE-2024-47191<br>
<br>
Package Information:<br>
<a
href="https://launchpad.net/ubuntu/+source/oath-toolkit/2.6.11-3ubuntu1"
rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://launchpad.net/ubuntu/%2Bsource/oath-toolkit/2.6.11-3ubuntu1&source=gmail&ust=1729267404233000&usg=AOvVaw3pr_NKAhe5QdhJm1W9KYWm">https://launchpad.net/ubuntu/+<wbr>source/oath-toolkit/2.6.11-3ub<wbr>untu1</a></div>
</body>
</html>