
Test ID: 1.3.6.1.4.1.25623.1.1.4.2021.1755.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2021:1755-1)
Summary: The remote host is missing an update for the 'libu2f-host' package(s) announced via the SUSE-SU-2021:1755-1 advisory.

Vulnerability Insight:
This update for libu2f-host fixes the following issues:

This update ships the u2f-host package (jsc#ECO-3687 bsc#1184648)

Version 1.1.10 (released 2019-05-15)

Add new devices to udev rules.

Fix a potentially uninitialized buffer (CVE-2019-9578, bsc#1128140)

Version 1.1.9 (released 2019-03-06)

Fix CID copying from the init response, which broke compatibility with
some devices.

Version 1.1.8 (released 2019-03-05)

Add udev rules

Drop 70-old-u2f.rules and use 70-u2f.rules for everything

Use a random nonce for setting up CID to prevent fingerprinting

CVE-2019-9578: Parse the response to init in a more stable way to
prevent leakage of uninitialized stack memory back to the device
(bsc#1128140).

Version 1.1.7 (released 2019-01-08)

Fix for trusting length from device in device init.

Fix for buffer overflow when receiving data from device. (YSA-2019-01,
CVE-2018-20340, bsc#1124781)

Add udev rules for some new devices.

Add udev rule for Feitian ePass FIDO

Add a timeout to the register and authenticate actions.

Affected Software/OS:
'libu2f-host' package(s) on SUSE Linux Enterprise Module for Basesystem 15-SP3, SUSE Linux Enterprise Module for Basesystem 15-SP2

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2019-9578
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMA4H6AZFYIR3LA5VKKEJZNCCIVMUCFQ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4YCFMSNMXZ7XC4U6WXPQA7JCXC6VOAJ/
https://security.gentoo.org/glsa/202004-15
https://blog.inhq.net/posts/yubico-libu2f-host-vuln-part2/
https://developers.yubico.com/libu2f-host/Release_Notes.html
https://github.com/Yubico/libu2f-host/commit/e4bb58cc8b6202a421e65f8230217d8ae6e16eb5
SuSE Security Announcement: openSUSE-SU-2019:1708
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00012.html
SuSE Security Announcement: openSUSE-SU-2019:1725
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00018.html
Copyright: Copyright (C) 2021 Greenbone Networks GmbH
