Arch Linux
Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download
issues
advisories
todo
stats
log
login
ASA-201906-5 - log
back
ASA-201906-5
created
at 25 Sep 2019 19:32:14
Workaround
+
A major mitigation for both issues is to remove the `debug` and
+
`debug_file` options for `pam_u2f.so` in the PAM configuration.
+
Furthermore enabling the `openasuser` option will mitigate the symlink
+
attack in CVE-2019-12209.
Impact
+
An authenticated user can access sensitive information via a crafted symlink or a leaked file descriptor.