Ubuntu Security Notice 4276-1 - It was discovered that libykpiv, a supporting library of the Yubico PIV Tool and YubiKey PIV Manager, mishandled specially crafted input. An attacker with a custom-made, malicious USB device could potentially execute arbitrary code on a computer running the Yubico PIV Tool or Yubikey PIV Manager.
ad473bfdd43cfac5e70cb9134f6682db3a18061d4d48465975f372cbbe9d989b==========================================================================
Ubuntu Security Notice USN-4276-1
February 11, 2020
Yubico PIV Tool vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Yubico PIV Tool could be made to crash or run programs as an administrator if it
received specially crafted input.
Software Description:
- yubico-piv-tool: Command line tool for the YubiKey PIV applet
Details:
It was discovered that libykpiv, a supporting library of the Yubico PIV
Tool and YubiKey PIV Manager, mishandled specially crafted input. An
attacker with a custom-made, malicious USB device could potentially execute
arbitrary code on a computer running the Yubico PIV Tool or Yubikey PIV
Manager.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
libykpiv1 1.4.2-2ubuntu0.1
ykcs11 1.4.2-2ubuntu0.1
yubico-piv-tool 1.4.2-2ubuntu0.1
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
https://usn.ubuntu.com/4276-1
CVE-2018-14779, CVE-2018-14780
Package Information:
https://launchpad.net/ubuntu/+source/yubico-piv-tool/1.4.2-2ubuntu0.1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed