<!DOCTYPE html>
<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>==========================================================================</p>
    <div id=":10l" class="a3s aiL ">
      Ubuntu Security Notice USN-7059-2<br>
      October 17, 2024<br>
      <br>
      oath-toolkit vulnerability<br>
      ==============================<wbr>==============================<wbr>==============<br>
      <br>
      A security issue affects these releases of Ubuntu and its
      derivatives:<br>
      <br>
      - Ubuntu 24.10<br>
      <br>
      Summary:<br>
      <br>
      OATH Toolkit could be made to overwrite files as the
      administrator.<br>
      <br>
      Software Description:<br>
      - oath-toolkit: Development files for the OATH Toolkit Liboath
      library<br>
      <br>
      Details:<br>
      <br>
      USN-7059-1 fixed a vulnerability in OATH Toolkit library. This<br>
      update provides the corresponding update for Ubuntu 24.10.<br>
      <br>
      Original advisory details:<br>
      <br>
       Fabian Vogt discovered that OATH Toolkit incorrectly handled file<br>
       permissions. A remote attacker could possibly use this issue to<br>
       overwrite root owned files, leading to a privilege escalation
      attack.<br>
       (CVE-2024-47191)<br>
      <br>
      Update instructions:<br>
      <br>
      The problem can be corrected by updating your system to the
      following<br>
      package versions:<br>
      <br>
      Ubuntu 24.10<br>
        liboath-dev                     2.6.11-3ubuntu1<br>
      <br>
      In general, a standard system update will make all the necessary
      changes.<br>
      <br>
      References:<br>
        <a href="https://ubuntu.com/security/notices/USN-7059-2"
        rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://ubuntu.com/security/notices/USN-7059-2&source=gmail&ust=1729267404233000&usg=AOvVaw0axMRcWOchLVlp92CBo1lf">https://ubuntu.com/security/no<wbr>tices/USN-7059-2</a><br>
        <a href="https://ubuntu.com/security/notices/USN-7059-1"
        rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://ubuntu.com/security/notices/USN-7059-1&source=gmail&ust=1729267404233000&usg=AOvVaw1NnYIYij7BP6HBJliewd-P">https://ubuntu.com/security/no<wbr>tices/USN-7059-1</a><br>
        CVE-2024-47191<br>
      <br>
      Package Information:<br>
        <a
href="https://launchpad.net/ubuntu/+source/oath-toolkit/2.6.11-3ubuntu1"
        rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://launchpad.net/ubuntu/%2Bsource/oath-toolkit/2.6.11-3ubuntu1&source=gmail&ust=1729267404233000&usg=AOvVaw3pr_NKAhe5QdhJm1W9KYWm">https://launchpad.net/ubuntu/+<wbr>source/oath-toolkit/2.6.11-3ub<wbr>untu1</a></div>
  </body>
</html>