AVG-973 log
| Package | pam-u2f |
| Status | Fixed |
| Severity | Medium |
| Type | information disclosure |
| Affected | 1.0.7-2 |
| Fixed | 1.0.8-2 |
| Current | 1.4.0-1 [extra] |
| Ticket | None |
| Created | Fri Jun 7 19:48:24 2019 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2019-12210 | Medium | No | Information disclosure | A file descriptor leak has been found in pam-u2f before 1.8.0. If the `debug` and `debug_file` options are set then the opened debug file will be inherited... |
| CVE-2019-12209 | Medium | No | Information disclosure | A symbolic link attack has been found in pam-u2f before 1.8.0. The file `$HOME/.config/Yubico/u2f_keys` is blindly followed by the PAM module. It can be a... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 07 Jun 2019 | ASA-201906-5 | pam-u2f | information disclosure |
| References |
|---|
https://seclists.org/oss-sec/2019/q2/149 https://bugzilla.suse.com/show_bug.cgi?id=1087061 |