SUSE-SU-2019:1750-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2019/suse-su-20191750-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2019:1750-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2019:1750-1
Related
Published
2019-07-04T14:07:36Z
Modified
2019-07-04T14:07:36Z
Summary
Security update for libu2f-host, pam_u2f
Details

This update for libu2f-host and pam_u2f to version 1.0.8 fixes the following issues:

Security issues fixed for libu2f-host:

  • CVE-2019-9578: Fixed a memory leak due to a wrong parse of init's response (bsc#1128140).

Security issues fixed for pam_u2f:

  • CVE-2019-12209: Fixed an issue where symlinks in the user's directory were followed (bsc#1135729).
  • CVE-2019-12210: Fixed file descriptor leaks (bsc#1135727).
References

Affected packages

SUSE:Linux Enterprise Module for Basesystem 15 / libu2f-host

Package

Name
libu2f-host
Purl
pkg:rpm/suse/libu2f-host&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.6-3.6.1

Ecosystem specific 

{
    "binaries": [
        {
            "pam_u2f": "1.0.8-3.3.1",
            "libu2f-host0": "1.1.6-3.6.1",
            "libu2f-host-devel": "1.1.6-3.6.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Basesystem 15 / pam_u2f

Package

Name
pam_u2f
Purl
pkg:rpm/suse/pam_u2f&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.8-3.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "pam_u2f": "1.0.8-3.3.1",
            "libu2f-host0": "1.1.6-3.6.1",
            "libu2f-host-devel": "1.1.6-3.6.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Basesystem 15 SP1 / libu2f-host

Package

Name
libu2f-host
Purl
pkg:rpm/suse/libu2f-host&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.1.6-3.6.1

Ecosystem specific 

{
    "binaries": [
        {
            "pam_u2f": "1.0.8-3.3.1",
            "libu2f-host0": "1.1.6-3.6.1",
            "libu2f-host-devel": "1.1.6-3.6.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Basesystem 15 SP1 / pam_u2f

Package

Name
pam_u2f
Purl
pkg:rpm/suse/pam_u2f&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.8-3.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "pam_u2f": "1.0.8-3.3.1",
            "libu2f-host0": "1.1.6-3.6.1",
            "libu2f-host-devel": "1.1.6-3.6.1"
        }
    ]
}