oath-toolkit 2.6.7-3ubuntu0.1 source package in Ubuntu

Changelog

oath-toolkit (2.6.7-3ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: root escalation in liboath-pam
    - debian/patches/use-fopen-gnu.patch: use gnulib's fopen-gnu
      for cross-platform fopen
    - debian/patches/improve-liboath-usersfile-writing.patch: improve
      liboath usersfile write handling
    - debian/patches/pam_oath-seteuid.patch: drop privs to user when
      usersfile contains ${HOME}
    - CVE-2024-47191
  * Add execute_before_dh_auto_build to debian/rules to prevent man
      pages regenerating

 -- Julia Sarris <email address hidden>  Mon, 07 Oct 2024 15:38:43 -0400

Upload details

Uploaded by:
Julia Sarris
Uploaded to:
Jammy
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
devel
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Jammy updates main devel
Jammy security main devel

Downloads

File Size SHA-256 Checksum
oath-toolkit_2.6.7.orig.tar.gz 5.4 MiB 36eddfce8f2f36347fb257dbf878ba0303a2eaafe24eaa071d5cd302261046a9
oath-toolkit_2.6.7.orig.tar.gz.asc 119 bytes d5dd2444d30fe598e4d0949afcd2c0e8dfb4a322198d30beb9acdab3a3ee14ff
oath-toolkit_2.6.7-3ubuntu0.1.debian.tar.xz 15.2 KiB 2f1923807335a83b2279857e9244b38a7f725028e997101b662acef42b4bd433
oath-toolkit_2.6.7-3ubuntu0.1.dsc 2.4 KiB 03d0a804f6dffd95acdd69da12fb47df22b09d5a075c13f15c9dcc326e7d4fba

View changes file

Binary packages built by this source

liboath-dev: Development files for the OATH Toolkit Liboath library

 OATH Toolkit provide components to build one-time password
 authentication systems. It contains shared C libraries, command line
 tools and a PAM module. Supported technologies include the
 event-based HOTP algorithm (RFC 4226), the time-based TOTP algorithm
 (RFC 6238), and Portable Symmetric Key Container (PSKC, RFC 6030) to
 manage secret key data. OATH stands for Open AuTHentication, which is
 the organization that specify the algorithms.
 .
 This package contain all files necessary for developing programs that
 use Liboath.

liboath0: OATH Toolkit Liboath library

 OATH Toolkit provide components to build one-time password
 authentication systems. It contains shared C libraries, command line
 tools and a PAM module. Supported technologies include the
 event-based HOTP algorithm (RFC 4226), the time-based TOTP algorithm
 (RFC 6238), and Portable Symmetric Key Container (PSKC, RFC 6030) to
 manage secret key data. OATH stands for Open AuTHentication, which is
 the organization that specify the algorithms.
 .
 This package includes the Liboath shared library that is used by
 applications. You normally don't need to install it manually.

liboath0-dbgsym: debug symbols for liboath0
libpam-oath: OATH Toolkit libpam_oath PAM module

 OATH Toolkit provide components to build one-time password
 authentication systems. It contains shared C libraries, command line
 tools and a PAM module. Supported technologies include the
 event-based HOTP algorithm (RFC 4226), the time-based TOTP algorithm
 (RFC 6238), and Portable Symmetric Key Container (PSKC, RFC 6030) to
 manage secret key data. OATH stands for Open AuTHentication, which is
 the organization that specify the algorithms.
 .
 This package contain a PAM module to authenticate users against
 a local file-based OATH database.

libpam-oath-dbgsym: debug symbols for libpam-oath
libpskc-dev: Development files for the OATH Toolkit Libpskc library

 OATH Toolkit provide components to build one-time password
 authentication systems. It contains shared C libraries, command line
 tools and a PAM module. Supported technologies include the
 event-based HOTP algorithm (RFC 4226), the time-based TOTP algorithm
 (RFC 6238), and Portable Symmetric Key Container (PSKC, RFC 6030) to
 manage secret key data. OATH stands for Open AuTHentication, which is
 the organization that specify the algorithms.
 .
 This package contain all files necessary for developing programs that
 use Libpskc.

libpskc0: OATH Toolkit Libpskc library

 OATH Toolkit provide components to build one-time password
 authentication systems. It contains shared C libraries, command line
 tools and a PAM module. Supported technologies include the
 event-based HOTP algorithm (RFC 4226), the time-based TOTP algorithm
 (RFC 6238), and Portable Symmetric Key Container (PSKC, RFC 6030) to
 manage secret key data. OATH stands for Open AuTHentication, which is
 the organization that specify the algorithms.
 .
 This package includes the Libpskc shared library that is used by
 applications. You normally don't need to install it manually.

libpskc0-dbgsym: debug symbols for libpskc0
oathtool: OATH Toolkit oathtool command line tool

 OATH Toolkit provide components to build one-time password
 authentication systems. It contains shared C libraries, command line
 tools and a PAM module. Supported technologies include the
 event-based HOTP algorithm (RFC 4226), the time-based TOTP algorithm
 (RFC 6238), and Portable Symmetric Key Container (PSKC, RFC 6030) to
 manage secret key data. OATH stands for Open AuTHentication, which is
 the organization that specify the algorithms.
 .
 This package contains the OATH Toolkit "oathtool" command line tool.

oathtool-dbgsym: debug symbols for oathtool
pskctool: OATH Toolkit pskctool command line tool

 OATH Toolkit provide components to build one-time password
 authentication systems. It contains shared C libraries, command line
 tools and a PAM module. Supported technologies include the
 event-based HOTP algorithm (RFC 4226), the time-based TOTP algorithm
 (RFC 6238), and Portable Symmetric Key Container (PSKC, RFC 6030) to
 manage secret key data. OATH stands for Open AuTHentication, which is
 the organization that specify the algorithms.
 .
 This package contains the OATH Toolkit "pskctool" command line tool.

pskctool-dbgsym: debug symbols for pskctool