openSUSE-SU-2019:1725-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2019:1725-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/openSUSE-SU-2019:1725-1
- Upstream
- Related
- Published
- 2019-07-19T15:59:26Z
- Modified
- 2026-02-04T02:44:36.166528Z
- Summary
- Security update for libu2f-host, pam_u2f
- Details
-
This update for libu2f-host and pam_u2f to version 1.0.8 fixes the following issues:
Security issues fixed for libu2f-host:
- CVE-2019-9578: Fixed a memory leak due to a wrong parse of init's response (bsc#1128140).
Security issues fixed for pam_u2f:
- CVE-2019-12209: Fixed an issue where symlinks in the user's directory were followed (bsc#1135729).
- CVE-2019-12210: Fixed file descriptor leaks (bsc#1135727).
This update was imported from the SUSE:SLE-15:Update update project.
- References
-
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7L2J54VOSWKWWHDQ3LUR6WDVPL2TE6XB/#7L2J54VOSWKWWHDQ3LUR6WDVPL2TE6XB
- https://bugzilla.suse.com/1128140
- https://bugzilla.suse.com/1135727
- https://bugzilla.suse.com/1135729
- https://www.suse.com/security/cve/CVE-2019-12209
- https://www.suse.com/security/cve/CVE-2019-12210
- https://www.suse.com/security/cve/CVE-2019-9578
Affected packages
openSUSE:Leap 15.0 / libu2f-host
Package
- Name
- libu2f-host
- Purl
- pkg:rpm/opensuse/libu2f-host&distro=openSUSE%20Leap%2015.0
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.1.6-lp150.10.1
openSUSE:Leap 15.0 / pam_u2f
Package
- Name
- pam_u2f
- Purl
- pkg:rpm/opensuse/pam_u2f&distro=openSUSE%20Leap%2015.0
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.0.8-lp150.7.1