Overview

File _patchinfo of Package patchinfo.8570

<patchinfo incident="8570">
  <issue tracker="bnc" id="1104811">VUL-1: CVE-2018-14780: yubico-piv-tool: Out of Bounds Read via malicious APDU</issue>
  <issue tracker="bnc" id="1104809">VUL-1: CVE-2018-14779: yubico-piv-tool: Out of Bounds Write via Malicious APDU</issue>
  <issue tracker="cve" id="2018-14780"/>
  <issue tracker="cve" id="2018-14779"/>
  <category>security</category>
  <rating>low</rating>
  <packager>kbabioch</packager>
  <description>This update for yubico-piv-tool fixes the following issues:

Security issues fixed:

- Fixed an buffer overflow and an out of bounds memory read in
  ykpiv_transfer_data(), which could be triggered by a malicious
  token. (CVE-2018-14779, bsc#1104809, YSA-2018-03)
- Fixed an buffer overflow and an out of bounds memory read in
  _ykpiv_fetch_object(), which could be triggered by a malicious
  token. (CVE-2018-14780, bsc#1104811, YSA-2018-03)
</description>
  <summary>Security update for yubico-piv-tool</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places