USN-7059-1 fixed a vulnerability in OATH Toolkit library. This update provides the corresponding update for Ubuntu 24.10.
Original advisory details:
Fabian Vogt discovered that OATH Toolkit incorrectly handled file permissions. A remote attacker could possibly use this issue to overwrite root owned files, leading to a privilege escalation attack. (CVE-2024-47191)
{ "availability": "No subscription required", "binaries": [ { "binary_name": "liboath-dev", "binary_version": "2.6.11-3ubuntu1" }, { "binary_name": "liboath0t64", "binary_version": "2.6.11-3ubuntu1" }, { "binary_name": "liboath0t64-dbgsym", "binary_version": "2.6.11-3ubuntu1" }, { "binary_name": "libpam-oath", "binary_version": "2.6.11-3ubuntu1" }, { "binary_name": "libpam-oath-dbgsym", "binary_version": "2.6.11-3ubuntu1" }, { "binary_name": "libpskc-dev", "binary_version": "2.6.11-3ubuntu1" }, { "binary_name": "libpskc0t64", "binary_version": "2.6.11-3ubuntu1" }, { "binary_name": "libpskc0t64-dbgsym", "binary_version": "2.6.11-3ubuntu1" }, { "binary_name": "oathtool", "binary_version": "2.6.11-3ubuntu1" }, { "binary_name": "oathtool-dbgsym", "binary_version": "2.6.11-3ubuntu1" }, { "binary_name": "pskctool", "binary_version": "2.6.11-3ubuntu1" }, { "binary_name": "pskctool-dbgsym", "binary_version": "2.6.11-3ubuntu1" } ] }