openSUSE Leap 15.3: openSUSE-SU-2021:1755-1 Moderate: libu2f-host Overflow

opensuse

July 10, 2021

An update that solves two vulnerabilities, contains one feature and has one errata is now available

Description

This update for libu2f-host fixes the following issues:

This update ships the u2f-host package (jsc#ECO-3687 bsc#1184648)

Version 1.1.10 (released 2019-05-15)

- Add new devices to udev rules.

- Fix a potentially uninitialized buffer (CVE-2019-9578, bsc#1128140)

Version 1.1.9 (released 2019-03-06)

- Fix CID copying from the init response, which broke compatibility with

some devices.

Version 1.1.8 (released 2019-03-05)

- Add udev rules

- Drop 70-old-u2f.rules and use 70-u2f.rules for everything

- Use a random nonce for setting up CID to prevent fingerprinting

- CVE-2019-9578: Parse the response to init in a more stable way to

prevent leakage of uninitialized stack memory back to the device

(bsc#1128140).

Version 1.1.7 (released 2019-01-08)

- Fix for trusting length from device in device init.

- Fix for buffer overflow when receiving data from device. (YSA-2019-01,

CVE-2018-20340, bsc#1124781)

- Add udev rules...

Read the Full Advisory

Topics Covered

security advisory buffer overflow moderate severity openSUSE libu2f-host

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:

zypper in -t patch openSUSE-SLE-15.3-2021-1755=1

Package List

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

libu2f-host-debuginfo-1.1.10-3.9.1

libu2f-host-debugsource-1.1.10-3.9.1

libu2f-host-devel-1.1.10-3.9.1

libu2f-host-doc-1.1.10-3.9.1

libu2f-host0-1.1.10-3.9.1

libu2f-host0-debuginfo-1.1.10-3.9.1

u2f-host-1.1.10-3.9.1

u2f-host-debuginfo-1.1.10-3.9.1

References

https://www.suse.com/security/cve/CVE-2018-20340.html

https://www.suse.com/security/cve/CVE-2019-9578.html

https://bugzilla.suse.com/1124781

https://bugzilla.suse.com/1128140

https://bugzilla.suse.com/1184648

Announcement ID: openSUSE-SU-2021:1755-1

Rating: moderate

Affected Products: openSUSE Leap 15.3 ble.

Topics Covered

security advisory buffer overflow moderate severity openSUSE libu2f-host

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

openSUSE Leap 15.3: openSUSE-SU-2021:1755-1 Moderate: libu2f-host Overflow

Description

Topics Covered

Patch

Package List

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

openSUSE Leap 15.3: openSUSE-SU-2021:1755-1 Moderate: libu2f-host Overflow

Description

Topics Covered

Patch

Package List

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!