Advisories » MGASA-2014-0101

Updated oath-toolkit packages fix security vulnerability

Publication date: 25 Feb 2014
Modification date: 25 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-7322

Description

It was found that comments (lines starting with a hash) in /etc/users.oath
could prevent one-time-passwords (OTP) from being invalidated, leaving the OTP
vulnerable to replay attacks (CVE-2013-7322).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=12873
• http://lists.nongnu.org/archive/html/oath-toolkit-help/2013-12/msg00000.html
• http://www.nongnu.org/oath-toolkit/NEWS.html
• https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128934.html
• https://www.cve.org/CVERecord?id=CVE-2013-7322

SRPMS

3/core

• oath-toolkit-1.12.6-2.1.mga3

4/core

• oath-toolkit-2.4.1-1.mga4