Oval Definition:oval:org.opensuse.security:def:67105
Revision Date:2021-05-25Version:1
Title:Security update for libu2f-host (Moderate)
Description:

This update for libu2f-host fixes the following issues:

This update ships the u2f-host package (jsc#ECO-3687 bsc#1184648)

Version 1.1.10 (released 2019-05-15)

* - Add new devices to udev rules. - Fix a potentially uninitialized buffer (CVE-2019-9578, bsc#1128140)

Version 1.1.9 (released 2019-03-06)

- Fix CID copying from the init response, which broke compatibility with some devices.

Version 1.1.8 (released 2019-03-05)

- Add udev rules - Drop 70-old-u2f.rules and use 70-u2f.rules for everything - Use a random nonce for setting up CID to prevent fingerprinting - CVE-2019-9578: Parse the response to init in a more stable way to prevent leakage of uninitialized stack memory back to the device (bsc#1128140).

Version 1.1.7 (released 2019-01-08)

- Fix for trusting length from device in device init. - Fix for buffer overflow when receiving data from device. (YSA-2019-01, CVE-2018-20340, bsc#1124781) - Add udev rules for some new devices.

- Add udev rule for Feitian ePass FIDO - Add a timeout to the register and authenticate actions.
Family:unixClass:patch
Status:Reference(s):1124781
1128140
1153165
1154217
1169063
1171899
1173606
1184648
CVE-2018-20340
CVE-2019-14853
CVE-2019-14859
CVE-2019-9578
CVE-2020-11647
CVE-2020-13164
CVE-2020-15466
SUSE-SU-2020:2144-1
Platform(s):SUSE Linux Enterprise Module for Desktop Applications 15 SP2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP3
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Desktop Applications 15 SP2 is installed
  • AND Package Information
  • wireshark-3.2.5-3.38 is installed
  • OR wireshark-devel-3.2.5-3.38 is installed
  • OR wireshark-ui-qt-3.2.5-3.38 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed
  • AND Package Information
  • python-ecdsa-0.13.3-3.3 is installed
  • OR python2-ecdsa-0.13.3-3.3 is installed
    • BACK