-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-dad1d2b46a 2024-10-19 01:18:49.824523 -------------------------------------------------------------------------------- Name : oath-toolkit Product : Fedora 39 Version : 2.6.12 Release : 1.fc39 URL : https://www.nongnu.org/oath-toolkit/ Summary : One-time password components Description : The OATH Toolkit provide components for building one-time password authentication systems. It contains shared libraries, command line tools and a PAM module. Supported technologies include the event-based HOTP algorithm (RFC4226) and the time-based TOTP algorithm (RFC6238). OATH stands for Open AuTHentication, which is the organization that specify the algorithms. For managing secret key files, the Portable Symmetric Key Container (PSKC) format described in RFC6030 is supported. -------------------------------------------------------------------------------- Update Information: This is new version fixing possible local privilege escalation. -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 10 2024 Jaroslav Škarvada <jskarvad@xxxxxxxxxx> - 2.6.12-1 - New version Resolves: rhbz#2316447 - Dropped privileges when operating on user files Resolves: CVE-2024-47191 * Thu Jul 25 2024 Miroslav Suchý <msuchy@xxxxxxxxxx> - 2.6.11-6 - convert license to SPDX * Thu Jul 18 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.6.11-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Thu Apr 11 2024 Jaroslav Škarvada <jskarvad@xxxxxxxxxx> - 2.6.11-4 - Added gpg2 signature verification * Thu Jan 25 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.6.11-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sun Jan 21 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.6.11-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Thu Jan 11 2024 Jaroslav Škarvada <jskarvad@xxxxxxxxxx> - 2.6.11-1 - New version Resolves: rhbz#2257841 * Wed Jan 3 2024 Jaroslav Škarvada <jskarvad@xxxxxxxxxx> - 2.6.10-1 - New version Resolves: rhbz#2256555 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2316488 - CVE-2024-47191 oath-toolkit: Local root exploit in a PAM module https://bugzilla.redhat.com/show_bug.cgi?id=2316488 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-dad1d2b46a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
-- _______________________________________________ package-announce mailing list -- package-announce@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-announce-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
