SUSE-SU-2019:1749-1

See a problem?
Please try reporting it to the source first.

Source

https://www.suse.com/support/update/announcement/2019/suse-su-20191749-1/

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2019:1749-1.json

JSON Data

https://api.osv.dev/v1/vulns/SUSE-SU-2019:1749-1

Related

Published

2019-07-04T14:06:56Z

Modified

2019-07-04T14:06:56Z

Summary

Security update for libu2f-host

Details

This update for libu2f-host and pam_u2f to version 1.0.8 fixes the following issues:

Security issues fixed for libu2f-host:

CVE-2019-9578: Fixed a memory leak due to a wrong parse of init's response (bsc#1128140).
CVE-2018-20340: Fixed an unchecked buffer, which could allow a buffer overflow with a custom made malicious USB device (bsc#1124781).

Security issues fixed for pam_u2f:

CVE-2019-12209: Fixed an issue where symlinks in the user's directory were followed (bsc#1135729).
CVE-2019-12210: Fixed file descriptor leaks (bsc#1135727).

References

Affected packages

SUSE:Linux Enterprise Desktop 12 SP4 / libu2f-host

Package

Name: libu2f-host
Purl: pkg:rpm/suse/libu2f-host&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.6-3.5.1

Ecosystem specific

{
    "binaries": [
        {
            "pam_u2f": "1.0.8-3.3.1",
            "libu2f-host0": "1.1.6-3.5.1"
        }
    ]
}

SUSE:Linux Enterprise Desktop 12 SP4 / pam_u2f

Package

Name: pam_u2f
Purl: pkg:rpm/suse/pam_u2f&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.8-3.3.1

Ecosystem specific

{
    "binaries": [
        {
            "pam_u2f": "1.0.8-3.3.1",
            "libu2f-host0": "1.1.6-3.5.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP4 / libu2f-host

Package

Name: libu2f-host
Purl: pkg:rpm/suse/libu2f-host&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.6-3.5.1

Ecosystem specific

{
    "binaries": [
        {
            "pam_u2f": "1.0.8-3.3.1",
            "libu2f-host0": "1.1.6-3.5.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP4 / pam_u2f

Package

Name: pam_u2f
Purl: pkg:rpm/suse/pam_u2f&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.8-3.3.1

Ecosystem specific

{
    "binaries": [
        {
            "pam_u2f": "1.0.8-3.3.1",
            "libu2f-host0": "1.1.6-3.5.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP4 / libu2f-host

Package

Name: libu2f-host
Purl: pkg:rpm/suse/libu2f-host&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.6-3.5.1

Ecosystem specific

{
    "binaries": [
        {
            "pam_u2f": "1.0.8-3.3.1",
            "libu2f-host0": "1.1.6-3.5.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP4 / pam_u2f

Package

Name: pam_u2f
Purl: pkg:rpm/suse/pam_u2f&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.8-3.3.1

Ecosystem specific

{
    "binaries": [
        {
            "pam_u2f": "1.0.8-3.3.1",
            "libu2f-host0": "1.1.6-3.5.1"
        }
    ]
}