Oval Definition:oval:org.opensuse.security:def:73814
Revision Date:2021-05-25Version:1
Title:Security update for libu2f-host (Moderate)
Description:

This update for libu2f-host fixes the following issues:

This update ships the u2f-host package (jsc#ECO-3687 bsc#1184648)

Version 1.1.10 (released 2019-05-15)

* - Add new devices to udev rules. - Fix a potentially uninitialized buffer (CVE-2019-9578, bsc#1128140)

Version 1.1.9 (released 2019-03-06)

- Fix CID copying from the init response, which broke compatibility with some devices.

Version 1.1.8 (released 2019-03-05)

- Add udev rules - Drop 70-old-u2f.rules and use 70-u2f.rules for everything - Use a random nonce for setting up CID to prevent fingerprinting - CVE-2019-9578: Parse the response to init in a more stable way to prevent leakage of uninitialized stack memory back to the device (bsc#1128140).

Version 1.1.7 (released 2019-01-08)

- Fix for trusting length from device in device init. - Fix for buffer overflow when receiving data from device. (YSA-2019-01, CVE-2018-20340, bsc#1124781) - Add udev rules for some new devices.

- Add udev rule for Feitian ePass FIDO - Add a timeout to the register and authenticate actions.
Family:unixClass:patch
Status:Reference(s):1106272
1106843
1113719
1124781
1128140
1178067
1184648
941629
CVE-2018-18751
CVE-2018-20340
CVE-2019-9578
CVE-2020-27560
SUSE-SU-2020:3164-1
SUSE-SU-2021:1755-1
Platform(s):SUSE Linux Enterprise Desktop 15 SP3
SUSE Linux Enterprise High Performance Computing 15 SP3
SUSE Linux Enterprise Module for Basesystem 15 SP3
SUSE Linux Enterprise Module for Desktop Applications 15 SP2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed
  • AND Package Information
  • gettext-java-0.19.8.1-4.8 is installed
  • OR gettext-runtime-0.19.8.1-4.8 is installed
  • OR gettext-runtime-mini-0.19.8.1-4.8 is installed
  • OR gettext-runtime-mini-tools-doc-0.19.8.1-4.8 is installed
  • OR gettext-runtime-tools-doc-0.19.8.1-4.8 is installed
  • OR gettext-tools-mini-0.19.8.1-4.8 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Desktop Applications 15 SP2 is installed
  • AND Package Information
  • ImageMagick-7.0.7.34-10.3 is installed
  • OR ImageMagick-config-7-SUSE-7.0.7.34-10.3 is installed
  • OR ImageMagick-devel-7.0.7.34-10.3 is installed
  • OR libMagick++-7_Q16HDRI4-7.0.7.34-10.3 is installed
  • OR libMagick++-devel-7.0.7.34-10.3 is installed
  • OR libMagickCore-7_Q16HDRI6-7.0.7.34-10.3 is installed
  • OR libMagickWand-7_Q16HDRI6-7.0.7.34-10.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP3 is installed
  • AND Package Information
  • libu2f-host-devel-1.1.10-3.9.1 is installed
  • OR libu2f-host0-1.1.10-3.9.1 is installed
  • OR u2f-host-1.1.10-3.9.1 is installed
    • BACK