Arch Linux: Information disclosure (CVE-2019-12210)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:S/C:P/I:P/A:N) | Jun 4, 2019 | Jul 11, 2025 | Nov 27, 2025 |
Description
A file descriptor leak has been found in pam-u2f before 1.8.0. If the `debug` and `debug_file` options are set, the opened debug file is inherited by the successfully authenticated user's process. That user can therefore write further information to it, possibly filling up a privileged file system or manipulating the information found in the debug file.
This can leak sensitive information and also, if written to, be used to fill the disk or plant misinformation.
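The inheritance described above, as an added example that is not pam-u2f code or its patch: a parent opens a stand-in debug file, then forks and execs a child, once without and once with close-on-exec on the descriptor. The temporary path, the fixed descriptor number 9 and the function name are assumptions made for the demonstration.

```c
/* Added example, not pam-u2f code: does a log descriptor survive exec()? */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

#define LOG_FD 9 /* constructed: fixed number so the child can name it */

/* Opens a stand-in debug file in the parent, then forks and execs a child
 * the way a session process is started after authentication.
 * Returns the bytes the child appended through the inherited descriptor
 * (0 if the descriptor was closed on exec), or -1 on setup failure. */
long bytes_written_after_exec(int use_cloexec)
{
    char path[] = "/tmp/debug_file_XXXXXX"; /* constructed stand-in path */
    int tmp = mkstemp(path);
    if (tmp < 0)
        return -1;
    /* Pin the descriptor to LOG_FD with or without close-on-exec. Real code
     * would pass O_CLOEXEC to open(), or mode "e" to glibc fopen(). */
    if (dup3(tmp, LOG_FD, use_cloexec ? O_CLOEXEC : 0) < 0) {
        close(tmp);
        unlink(path);
        return -1;
    }
    close(tmp);
    pid_t pid = fork();
    if (pid == 0) {
        /* Child: code that only knows the descriptor number, not the path. */
        execl("/bin/sh", "sh", "-c",
              "exec 2>/dev/null; echo injected >&9", (char *)NULL);
        _exit(127);
    }
    long size = -1;
    struct stat st;
    if (pid > 0 && waitpid(pid, NULL, 0) == pid && fstat(LOG_FD, &st) == 0)
        size = (long)st.st_size; /* what the child managed to append */
    close(LOG_FD);
    unlink(path);
    return size;
}

int main(void)
{
    printf("without close-on-exec: %ld bytes\n", bytes_written_after_exec(0));
    printf("with close-on-exec:    %ld bytes\n", bytes_written_after_exec(1));
    return 0;
}
```

On an affected host, listing `/proc/<pid>/fd` for a freshly authenticated session and finding the configured `debug_file` among the open descriptors is the same condition observed from outside.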
Solution
arch-linux-upgrade-latest
References
- CVE-2019-12210
- https://attackerkb.com/topics/CVE-2019-12210
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00018.html
- http://www.openwall.com/lists/oss-security/2019/06/05/1
- https://bugzilla.suse.com/show_bug.cgi?id=1087061
- https://developers.yubico.com/pam-u2f/Release_Notes.html
- https://github.com/Yubico/pam-u2f/commit/18b1914e32b74ff52000f10e97067e841e5fff62
- https://seclists.org/oss-sec/2019/q2/149
- https://security.archlinux.org/ASA-201906-5