Paketname
oath-toolkit
Datum
2014-03-14
Advisory ID
MDVSA-2014:061
Betroffene Versionen
MBS1 x86_64

Problembeschreibung

Updated oath-toolkit packages fix security vulnerability:

It was found that comments (lines starting with a hash) in
/etc/users.oath could prevent one-time-passwords (OTP) from
being invalidated, leaving the OTP vulnerable to replay attacks
(CVE-2013-7322).

Aktualisierte Pakete

MBS1 x86_64

 5e7ce31fddb192c01d46ff35e5077ef2  mbs1/x86_64/lib64oath0-1.12.6-1.mbs1.x86_64.rpm
 1d1119a6895f2c15b3186651a3e6b5f5  mbs1/x86_64/lib64oath-devel-1.12.6-1.mbs1.x86_64.rpm
 d3026ce09d217fecf642a8059b7319cc  mbs1/x86_64/oath-toolkit-1.12.6-1.mbs1.x86_64.rpm
 ed3ba7cb9afff74e2490a5da5ba5741c  mbs1/x86_64/pam_oath-1.12.6-1.mbs1.x86_64.rpm 
 76c955b592b689ebdd2bf55ebcd6d414  mbs1/SRPMS/oath-toolkit-1.12.6-1.mbs1.src.rpm

Referenzen