Updated oath-toolkit packages fix security vulnerability
Publication date: 25 Feb 2014Modification date: 25 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-7322
Description
It was found that comments (lines starting with a hash) in /etc/users.oath
could prevent one-time-passwords (OTP) from being invalidated, leaving the OTP
vulnerable to replay attacks (CVE-2013-7322).
References
- https://bugs.mageia.org/show_bug.cgi?id=12873
- http://lists.nongnu.org/archive/html/oath-toolkit-help/2013-12/msg00000.html
- http://www.nongnu.org/oath-toolkit/NEWS.html
- https://lists.fedoraproject.org/pipermail/package-announce/2014-February/128934.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7322
SRPMS
4/core
- oath-toolkit-2.4.1-1.mga4
3/core
- oath-toolkit-1.12.6-2.1.mga3