Security update for yubico-piv-tool
This update for yubico-piv-tool fixes the following issues:
Security issues fixed:
- CVE-2018-14779: Fixed an buffer overflow and an out of bounds memory read in
ykpiv_transfer_data(), which could be triggered by a malicious token.
(boo#1104809, YSA-2018-03)
- CVE-2018-14780: Fixed an buffer overflow and an out of bounds memory read in
_ykpiv_fetch_object(), which could be triggered by a malicious token.
(boo#1104811, YSA-2018-03)
-
Submitted by
Karol Babioch (kbabioch)
Fixed bugs
bnc#1104811
VUL-1: CVE-2018-14780: yubico-piv-tool: Out of Bounds Read via malicious APDU
bnc#1104809
VUL-1: CVE-2018-14779: yubico-piv-tool: Out of Bounds Write via Malicious APDU
