OVAL Reference oval:org.opensuse.security:def:5697

Oval Definition:

oval:org.opensuse.security:def:5697

Revision Date:	2021-05-25	Version:	1
Title:	Security update for libu2f-host (Moderate)
Description:	This update for libu2f-host fixes the following issues: This update ships the u2f-host package (jsc#ECO-3687 bsc#1184648) Version 1.1.10 (released 2019-05-15) * - Add new devices to udev rules. - Fix a potentially uninitialized buffer (CVE-2019-9578, bsc#1128140) Version 1.1.9 (released 2019-03-06) - Fix CID copying from the init response, which broke compatibility with some devices. Version 1.1.8 (released 2019-03-05) - Add udev rules - Drop 70-old-u2f.rules and use 70-u2f.rules for everything - Use a random nonce for setting up CID to prevent fingerprinting - CVE-2019-9578: Parse the response to init in a more stable way to prevent leakage of uninitialized stack memory back to the device (bsc#1128140). Version 1.1.7 (released 2019-01-08) - Fix for trusting length from device in device init. - Fix for buffer overflow when receiving data from device. (YSA-2019-01, CVE-2018-20340, bsc#1124781) - Add udev rules for some new devices. - Add udev rule for Feitian ePass FIDO - Add a timeout to the register and authenticate actions.
Family:	unix	Class:	patch
Status:		Reference(s):	1124781 1128140 1174538 1175686 1184648 CVE-2002-2443 CVE-2007-4772 CVE-2007-6600 CVE-2009-0844 CVE-2009-0845 CVE-2009-0846 CVE-2009-0847 CVE-2009-3295 CVE-2009-4034 CVE-2009-4136 CVE-2009-4212 CVE-2010-0283 CVE-2010-0628 CVE-2010-1169 CVE-2010-1170 CVE-2010-1320 CVE-2010-1321 CVE-2010-1322 CVE-2010-1323 CVE-2010-1324 CVE-2010-2240 CVE-2010-3433 CVE-2010-4020 CVE-2010-4021 CVE-2010-4022 CVE-2011-0281 CVE-2011-0282 CVE-2011-0284 CVE-2011-0285 CVE-2011-1145 CVE-2011-1527 CVE-2011-1528 CVE-2011-1529 CVE-2011-1530 CVE-2012-0866 CVE-2012-0867 CVE-2012-0868 CVE-2012-1012 CVE-2012-1013 CVE-2012-1016 CVE-2012-2143 CVE-2012-2655 CVE-2012-3488 CVE-2012-3489 CVE-2012-4504 CVE-2013-0255 CVE-2013-1415 CVE-2013-1417 CVE-2013-1418 CVE-2013-1899 CVE-2013-1900 CVE-2013-1901 CVE-2013-1940 CVE-2013-2002 CVE-2013-2005 CVE-2013-2063 CVE-2013-4396 CVE-2013-6424 CVE-2014-0004 CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 CVE-2014-0067 CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344 CVE-2014-4345 CVE-2014-5351 CVE-2014-5352 CVE-2014-5353 CVE-2014-5354 CVE-2014-5355 CVE-2014-8091 CVE-2014-8092 CVE-2014-8093 CVE-2014-8094 CVE-2014-8095 CVE-2014-8096 CVE-2014-8097 CVE-2014-8098 CVE-2014-8099 CVE-2014-8100 CVE-2014-8101 CVE-2014-8102 CVE-2014-8103 CVE-2014-8137 CVE-2014-8138 CVE-2014-8157 CVE-2014-8158 CVE-2014-9029 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423 CVE-2015-0255 CVE-2015-2694 CVE-2015-2695 CVE-2015-2696 CVE-2015-2697 CVE-2015-2698 CVE-2015-3164 CVE-2015-3165 CVE-2015-3166 CVE-2015-3167 CVE-2015-3418 CVE-2015-5276 CVE-2015-5288 CVE-2015-5289 CVE-2015-7555 CVE-2015-8629 CVE-2015-8630 CVE-2015-8631 CVE-2016-0766 CVE-2016-0773 CVE-2016-3119 CVE-2016-3120 CVE-2016-3977 CVE-2016-5384 CVE-2016-5423 CVE-2016-5424 CVE-2016-6354 CVE-2018-20340 CVE-2019-9578 CVE-2020-15652 CVE-2020-15659 CVE-2020-15663 CVE-2020-15664 CVE-2020-15669 CVE-2020-6463 CVE-2020-6514 SUSE-SU-2020:2179-1 SUSE-SU-2020:2552-1
Platform(s):	openSUSE 13.1 openSUSE 13.1 NonFree SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise for SAP 11 SP4 SUSE Linux Enterprise for SAP 12 SUSE Linux Enterprise for SAP 12 SP1 SUSE Linux Enterprise High Availability 12 SUSE Linux Enterprise High Availability 12 SP1 SUSE Linux Enterprise High Availability 12 SP2 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 SUSE Linux Enterprise Module for Toolchain 12 SUSE Linux Enterprise Point of Sale 12 SP2-CLIENT SUSE Linux Enterprise Server 11 SP1-LTSS SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-LTSS SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Server for VMWare 11 SP2 SUSE Linux Enterprise Server for VMWare 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SP4 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Workstation Extension 12 SP1 SUSE Linux Enterprise Workstation Extension 12 SP2 SUSE Linux Enterprise Workstation Extension 12 SP3 SUSE Linux Enterprise Workstation Extension 12 SP4 SUSE Linux Enterprise Workstation Extension 15 SP1 SUSE Linux Enterprise Workstation Extension 15 SP2 SUSE OpenStack Cloud 5	Product(s):
Definition Synopsis
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 is installed AND python-Jinja2-2.7.3-4.1 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information libXtst6-1.2.2-3 is installed OR libXtst6-32bit-1.2.2-3 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information at-3.1.14-7 is installed OR libQtWebKit4-4.8.6+2.3.3-3 is installed OR libQtWebKit4-32bit-4.8.6+2.3.3-3 is installed OR libbonobo-2.32.1-16 is installed OR libbonobo-32bit-2.32.1-16 is installed OR libbonobo-lang-2.32.1-16 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information DirectFB-1.7.1-6 is installed OR lib++dfb-1_7-1-1.7.1-6 is installed OR libdirectfb-1_7-1-1.7.1-6 is installed OR libdirectfb-1_7-1-32bit-1.7.1-6 is installed
Definition Synopsis
SUSE Linux Enterprise for SAP 11 SP4 is installed AND Package Information compat-openssl097g-0.9.7g-146.22.41.1 is installed OR compat-openssl097g-32bit-0.9.7g-146.22.41.1 is installed
Definition Synopsis
SUSE Linux Enterprise for SAP 12 is installed AND Package Information MozillaFirefox-45.3.0esr-78.1 is installed OR MozillaFirefox-translations-45.3.0esr-78.1 is installed
Definition Synopsis
SUSE Linux Enterprise for SAP 12 SP1 is installed AND sudo-1.8.10p3-2.16.1 is installed
Definition Synopsis
SUSE Linux Enterprise High Availability 12 is installed AND haproxy-1.5.4-2.4 is installed
Definition Synopsis
SUSE Linux Enterprise High Availability 12 SP1 is installed AND Package Information libpcreposix0-8.39-7 is installed OR pcre-8.39-7 is installed
Definition Synopsis
SUSE Linux Enterprise High Availability 12 SP2 is installed AND python-requests-2.8.1-6.11 is installed
Definition Synopsis
SUSE Linux Enterprise High Performance Computing 12 SP5 is installed AND ctags-5.8-7 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Toolchain 12 is installed AND Package Information cpp5-5.3.1+r233831-9 is installed OR gcc5-5.3.1+r233831-9 is installed OR gcc5-c++-5.3.1+r233831-9 is installed OR gcc5-fortran-5.3.1+r233831-9 is installed OR gcc5-info-5.3.1+r233831-9 is installed OR gcc5-locale-5.3.1+r233831-9 is installed OR libffi-devel-gcc5-5.3.1+r233831-9 is installed OR libstdc++6-devel-gcc5-5.3.1+r233831-9 is installed
Definition Synopsis
SUSE Linux Enterprise Point of Sale 12 SP2-CLIENT is installed AND Package Information kernel-firmware-20170530-21.22 is installed OR ucode-amd-20170530-21.22 is installed
Definition Synopsis
SUSE Linux Enterprise Server 11 SP1-LTSS is installed AND Package Information cifs-mount-3.4.3-1.54.1 is installed OR ldapsmb-1.34b-11.28.54.1 is installed OR libsmbclient0-3.4.3-1.54.1 is installed OR libsmbclient0-32bit-3.4.3-1.54.1 is installed OR libtalloc1-3.4.3-1.54.1 is installed OR libtalloc1-32bit-3.4.3-1.54.1 is installed OR libtdb1-3.4.3-1.54.1 is installed OR libtdb1-32bit-3.4.3-1.54.1 is installed OR libwbclient0-3.4.3-1.54.1 is installed OR libwbclient0-32bit-3.4.3-1.54.1 is installed OR samba-3.4.3-1.54.1 is installed OR samba-32bit-3.4.3-1.54.1 is installed OR samba-client-3.4.3-1.54.1 is installed OR samba-client-32bit-3.4.3-1.54.1 is installed OR samba-doc-3.4.3-1.54.1 is installed OR samba-krb-printing-3.4.3-1.54.1 is installed OR samba-winbind-3.4.3-1.54.1 is installed OR samba-winbind-32bit-3.4.3-1.54.1 is installed
Definition Synopsis
Release Information SUSE Linux Enterprise Server 11 SP2 is installed AND openssh-5.1p1-41.57.1 is installed OR openssh-askpass-5.1p1-41.57.1 is installed OR Package Information SUSE Linux Enterprise Server for VMWare 11 SP2 is installed AND openssh-5.1p1-41.57.1 is installed OR openssh-askpass-5.1p1-41.57.1 is installed
Definition Synopsis
SUSE Linux Enterprise Server 11 SP2 is installed AND apache2-mod_jk-1.2.26-1.30.110 is installed
Definition Synopsis
SUSE Linux Enterprise Server 11 SP3 is installed AND aaa_base-11-6.90.1 is installed
Definition Synopsis
SUSE Linux Enterprise Server 11 SP4 is installed AND Package Information PackageKit-0.3.14-2.30.11 is installed OR PackageKit-lang-0.3.14-2.30.11 is installed OR hal-0.5.12-23.76.1 is installed OR hal-32bit-0.5.12-23.76.1 is installed OR hal-doc-0.5.12-23.76.1 is installed OR hal-x86-0.5.12-23.76.1 is installed OR libpackagekit-glib10-0.3.14-2.30.11 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 is installed AND apache-commons-httpclient-3.1-4 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information DirectFB-1.7.1-4 is installed OR lib++dfb-1_7-1-1.7.1-4 is installed OR libdirectfb-1_7-1-1.7.1-4 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information apache-commons-daemon-1.0.15-4 is installed OR apache-commons-daemon-javadoc-1.0.15-4 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information lcms2-2.7-9.7 is installed OR liblcms2-2-2.7-9.7 is installed OR liblcms2-2-32bit-2.7-9.7 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12-LTSS is installed AND Package Information tomcat-7.0.78-7.13.4 is installed OR tomcat-admin-webapps-7.0.78-7.13.4 is installed OR tomcat-docs-webapp-7.0.78-7.13.4 is installed OR tomcat-el-2_2-api-7.0.78-7.13.4 is installed OR tomcat-javadoc-7.0.78-7.13.4 is installed OR tomcat-jsp-2_2-api-7.0.78-7.13.4 is installed OR tomcat-lib-7.0.78-7.13.4 is installed OR tomcat-servlet-3_0-api-7.0.78-7.13.4 is installed OR tomcat-webapps-7.0.78-7.13.4 is installed
Definition Synopsis
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed AND Package Information aaa_base-13.2+git20140911.61c1681-28 is installed OR aaa_base-extras-13.2+git20140911.61c1681-28 is installed
Definition Synopsis
SUSE Linux Enterprise Server for SAP Applications 12 SP1 is installed AND Package Information kgraft-patch-3_12_74-60_64_99-default-3-2 is installed OR kgraft-patch-3_12_74-60_64_99-xen-3-2 is installed OR kgraft-patch-SLE12-SP1_Update_30-3-2 is installed
Definition Synopsis
SUSE Linux Enterprise Software Development Kit 11 SP2 is installed AND Package Information dbus-1-devel-1.2.10-3.25.1 is installed OR dbus-1-devel-doc-1.2.10-3.25.1 is installed
Definition Synopsis
SUSE Linux Enterprise Software Development Kit 11 SP3 is installed AND MozillaFirefox-devel-17.0.9esr-0.7.1 is installed
Definition Synopsis
SUSE Linux Enterprise Software Development Kit 12 is installed AND ctdb-devel-2.5.3-4 is installed
Definition Synopsis
SUSE Linux Enterprise Software Development Kit 12 SP1 is installed AND Package Information ImageMagick-6.8.8.1-8 is installed OR ImageMagick-devel-6.8.8.1-8 is installed OR libMagick++-6_Q16-3-6.8.8.1-8 is installed OR libMagick++-devel-6.8.8.1-8 is installed OR perl-PerlMagick-6.8.8.1-8 is installed
Definition Synopsis
SUSE Linux Enterprise Software Development Kit 12 SP4 is installed AND Package Information libcolord-devel-1.3.3-12 is installed OR libcolord-gtk-devel-0.1.26-6 is installed OR typelib-1_0-ColorHug-1_0-1.3.3-12 is installed OR typelib-1_0-Colord-1_0-1.3.3-12 is installed OR typelib-1_0-ColordGtk-1_0-0.1.26-6 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 12 is installed AND Package Information ImageMagick-6.8.8.1-5 is installed OR libMagick++-6_Q16-3-6.8.8.1-5 is installed OR libMagickCore-6_Q16-1-32bit-6.8.8.1-5 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 12 SP1 is installed AND argyllcms-1.6.3-1 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 12 SP2 is installed AND cyrus-sasl-digestmd5-32bit-2.1.26-7 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 12 SP3 is installed AND Package Information ImageMagick-6.8.8.1-70 is installed OR libMagick++-6_Q16-3-6.8.8.1-70 is installed OR libMagickCore-6_Q16-1-32bit-6.8.8.1-70 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 12 SP4 is installed AND argyllcms-1.6.3-3 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 15 SP1 is installed AND Package Information MozillaThunderbird-68.12.0-3.94 is installed OR MozillaThunderbird-translations-common-68.12.0-3.94 is installed OR MozillaThunderbird-translations-other-68.12.0-3.94 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 15 SP2 is installed AND Package Information MozillaThunderbird-68.11.0-3.91 is installed OR MozillaThunderbird-translations-common-68.11.0-3.91 is installed OR MozillaThunderbird-translations-other-68.11.0-3.91 is installed

BACK