Advisories » MGASA-2024-0335

Updated oath-toolkit packages fix security vulnerability

Publication date: 25 Oct 2024
Modification date: 25 Oct 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-47191

Description

pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows
root privilege escalation because, in the context of PAM code running as
root, it mishandles usersfile access, such as by calling fchown in the
presence of a symlink. (CVE-2024-47191)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33619
• https://lists.archlinux.org/archives/list/arch-security@lists.archlinux.org/message/IDKMOOVTHHDXCEEZ2S4VVYLM3N5QBPJA/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47191

SRPMS

9/core

• oath-toolkit-2.6.7-1.1.mga9