Security update for yubico-piv-tool (low)

2019-05-08T15:13:50
ID OPENSUSE-SU-2019:1341-1
Type suse
Reporter Suse
Modified 2019-05-08T15:13:50

Description

This update for yubico-piv-tool fixes the following issues:

Security issues fixed:

  • Fixed an buffer overflow and an out of bounds memory read in ykpiv_transfer_data(), which could be triggered by a malicious token. (CVE-2018-14779, bsc#1104809, YSA-2018-03)
  • Fixed an buffer overflow and an out of bounds memory read in _ykpiv_fetch_object(), which could be triggered by a malicious token. (CVE-2018-14780, bsc#1104811, YSA-2018-03)

This update was imported from the SUSE:SLE-15:Update update project.