Oval Definition:oval:org.opensuse.security:def:73628
Revision Date:2021-05-25Version:1
Title:Security update for libu2f-host (Moderate)
Description:

This update for libu2f-host fixes the following issues:

This update ships the u2f-host package (jsc#ECO-3687 bsc#1184648)

Version 1.1.10 (released 2019-05-15)

* - Add new devices to udev rules. - Fix a potentially uninitialized buffer (CVE-2019-9578, bsc#1128140)

Version 1.1.9 (released 2019-03-06)

- Fix CID copying from the init response, which broke compatibility with some devices.

Version 1.1.8 (released 2019-03-05)

- Add udev rules - Drop 70-old-u2f.rules and use 70-u2f.rules for everything - Use a random nonce for setting up CID to prevent fingerprinting - CVE-2019-9578: Parse the response to init in a more stable way to prevent leakage of uninitialized stack memory back to the device (bsc#1128140).

Version 1.1.7 (released 2019-01-08)

- Fix for trusting length from device in device init. - Fix for buffer overflow when receiving data from device. (YSA-2019-01, CVE-2018-20340, bsc#1124781) - Add udev rules for some new devices.

- Add udev rule for Feitian ePass FIDO - Add a timeout to the register and authenticate actions.
Family:unixClass:patch
Status:Reference(s):1124781
1128140
1177158
1184648
CVE-2012-1616
CVE-2018-20340
CVE-2019-9578
CVE-2020-14355
SUSE-SU-2020:3071-1
SUSE-SU-2021:1755-1
Platform(s):SUSE Linux Enterprise Desktop 15 SP2
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise Module for Basesystem 15 SP2
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Storage 7
SUSE Linux Enterprise Workstation Extension 15 SP2
SUSE Manager Proxy 4.1
SUSE Manager Server 4.1
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed
  • AND Package Information
  • libu2f-host-devel-1.1.10-3.9.1 is installed
  • OR libu2f-host0-1.1.10-3.9.1 is installed
  • OR u2f-host-1.1.10-3.9.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed
  • AND Package Information
  • libspice-client-glib-2_0-8-0.37-3.3 is installed
  • OR libspice-client-glib-helper-0.37-3.3 is installed
  • OR libspice-client-gtk-3_0-5-0.37-3.3 is installed
  • OR spice-gtk-0.37-3.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 SP2 is installed
  • AND argyllcms-1.9.2-2 is installed
    • BACK