CVE-2019-12210 log

Source
Severity Medium
Remote No
Type Information disclosure
Description
A file descriptor leak has been found in pam-u2f before 1.8.0. If the `debug` and `debug_file` options are set then the opened debug file will be inherited to the successfully authenticated user's process. Therefore this user can write further information to it, possibly filling up a privileged file system or manipulating the information found in the debug file.
This can leak sensitive information and also, if written to, be used to fill the disk or plant misinformation.
Group Package Affected Fixed Severity Status Ticket
AVG-973 pam-u2f 1.0.7-2 1.0.8-2 Medium Fixed
Date Advisory Group Package Severity Description
07 Jun 2019 ASA-201906-5 AVG-973 pam-u2f Medium information disclosure
References
https://seclists.org/oss-sec/2019/q2/149
https://github.com/Yubico/pam-u2f/commit/18b1914e32b74ff52000f10e97067e841e5fff62