openSUSE-SU-2019:1708-1

See a problem?

Import Source

https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2019:1708-1.json

JSON Data

https://api.test.osv.dev/v1/vulns/openSUSE-SU-2019:1708-1

Related

Published

2019-07-19T05:59:24Z

Modified

2019-07-19T05:59:24Z

Summary

Security update for libu2f-host, pam_u2f

Details

This update for libu2f-host and pam_u2f to version 1.0.8 fixes the following issues:

Security issues fixed for libu2f-host:

CVE-2019-9578: Fixed a memory leak due to a wrong parse of init's response (bsc#1128140).

Security issues fixed for pam_u2f:

CVE-2019-12209: Fixed an issue where symlinks in the user's directory were followed (bsc#1135729).
CVE-2019-12210: Fixed file descriptor leaks (bsc#1135727).

This update was imported from the SUSE:SLE-15:Update update project.

References

Affected packages

openSUSE:Leap 15.1 / libu2f-host

Package

Name: libu2f-host
Purl: pkg:rpm/opensuse/libu2f-host&distro=openSUSE%20Leap%2015.1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.6-lp151.2.6.1

Ecosystem specific

{
    "binaries": [
        {
            "libu2f-host0": "1.1.6-lp151.2.6.1",
            "pam_u2f": "1.0.8-lp151.2.3.1",
            "u2f-host": "1.1.6-lp151.2.6.1",
            "libu2f-host-doc": "1.1.6-lp151.2.6.1",
            "libu2f-host-devel": "1.1.6-lp151.2.6.1"
        }
    ]
}

openSUSE:Leap 15.1 / pam_u2f

Package

Name: pam_u2f
Purl: pkg:rpm/opensuse/pam_u2f&distro=openSUSE%20Leap%2015.1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.8-lp151.2.3.1

Ecosystem specific

{
    "binaries": [
        {
            "libu2f-host0": "1.1.6-lp151.2.6.1",
            "pam_u2f": "1.0.8-lp151.2.3.1",
            "u2f-host": "1.1.6-lp151.2.6.1",
            "libu2f-host-doc": "1.1.6-lp151.2.6.1",
            "libu2f-host-devel": "1.1.6-lp151.2.6.1"
        }
    ]
}