AVG-973

Package pam-u2f
Status Fixed
Severity Medium
Type information disclosure
Affected 1.0.7-2
Fixed 1.0.8-2
Current 1.0.8-2 [community]
Ticket None
Created Fri Jun 7 19:48:24 2019

| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2019-12210 | Medium | No | Information disclosure | A file descriptor leak has been found in pam-u2f before 1.8.0. If the `debug` and `debug_file` options are set then the opened debug file will be inherited... |
| CVE-2019-12209 | Medium | No | Information disclosure | A symbolic link attack has been found in pam-u2f before 1.8.0. The file `$HOME/.config/Yubico/u2f_keys` is blindly followed by the PAM module. It can be a... |

| Date | Advisory | Package | Description |
|---|---|---|---|
| 07 Jun 2019 | ASA-201906-5 | pam-u2f | information disclosure |

References
https://seclists.org/oss-sec/2019/q2/149
https://bugzilla.suse.com/show_bug.cgi?id=1087061