Security update for yubico-piv-tool
This update for yubico-piv-tool fixes the following issues:
Security issues fixed:
- Fixed an buffer overflow and an out of bounds memory read in
ykpiv_transfer_data(), which could be triggered by a malicious
token. (CVE-2018-14779, bsc#1104809, YSA-2018-03)
- Fixed an buffer overflow and an out of bounds memory read in
_ykpiv_fetch_object(), which could be triggered by a malicious
token. (CVE-2018-14780, bsc#1104811, YSA-2018-03)
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Karol Babioch (kbabioch)
Fixed bugs
bnc#1104811
VUL-1: CVE-2018-14780: yubico-piv-tool: Out of Bounds Read via malicious APDU
bnc#1104809
VUL-1: CVE-2018-14779: yubico-piv-tool: Out of Bounds Write via Malicious APDU
