Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2021:1755-1)
Summary:The remote host is missing an update for the 'libu2f-host' package(s) announced via the SUSE-SU-2021:1755-1 advisory.
The remote host is missing an update for the 'libu2f-host' package(s) announced via the SUSE-SU-2021:1755-1 advisory.

Vulnerability Insight:
This update for libu2f-host fixes the following issues:

This update ships the u2f-host package (jsc#ECO-3687 bsc#1184648)

Version 1.1.10 (released 2019-05-15)

Add new devices to udev rules.

Fix a potentially uninitialized buffer (CVE-2019-9578, bsc#1128140)

Version 1.1.9 (released 2019-03-06)

Fix CID copying from the init response, which broke compatibility with
some devices.

Version 1.1.8 (released 2019-03-05)

Add udev rules

Drop 70-old-u2f.rules and use 70-u2f.rules for everything

Use a random nonce for setting up CID to prevent fingerprinting

CVE-2019-9578: Parse the response to init in a more stable way to
prevent leakage of uninitialized stack memory back to the device

Version 1.1.7 (released 2019-01-08)

Fix for trusting length from device in device init.

Fix for buffer overflow when receiving data from device. (YSA-2019-01,
CVE-2018-20340, bsc#1124781)

Add udev rules for some new devices.

Add udev rule for Feitian ePass FIDO
- Add a timeout to the register and authenticate actions.

Affected Software/OS:
'libu2f-host' package(s) on SUSE Linux Enterprise Module for Basesystem 15-SP3, SUSE Linux Enterprise Module for Basesystem 15-SP2

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-9578
SuSE Security Announcement: openSUSE-SU-2019:1708 (Google Search)
SuSE Security Announcement: openSUSE-SU-2019:1725 (Google Search)
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.