Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.853952 |
Category: | SuSE Local Security Checks |
Title: | openSUSE: Security Advisory for libu2f-host (openSUSE-SU-2021:1755-1) |
Summary: | The remote host is missing an update for the 'libu2f-host'; package(s) announced via the openSUSE-SU-2021:1755-1 advisory. |
Description: | Summary: The remote host is missing an update for the 'libu2f-host' package(s) announced via the openSUSE-SU-2021:1755-1 advisory. Vulnerability Insight: This update for libu2f-host fixes the following issues: This update ships the u2f-host package (jsc#ECO-3687 bsc#1184648) Version 1.1.10 (released 2019-05-15) - Add new devices to udev rules. - Fix a potentially uninitialized buffer (CVE-2019-9578, bsc#1128140) Version 1.1.9 (released 2019-03-06) - Fix CID copying from the init response, which broke compatibility with some devices. Version 1.1.8 (released 2019-03-05) - Add udev rules - Drop 70-old-u2f.rules and use 70-u2f.rules for everything - Use a random nonce for setting up CID to prevent fingerprinting - CVE-2019-9578: Parse the response to init in a more stable way to prevent leakage of uninitialized stack memory back to the device (bsc#1128140). Version 1.1.7 (released 2019-01-08) - Fix for trusting length from device in device init. - Fix for buffer overflow when receiving data from device. (YSA-2019-01, CVE-2018-20340, bsc#1124781) - Add udev rules for some new devices. - Add udev rule for Feitian ePass FIDO - Add a timeout to the register and authenticate actions. Affected Software/OS: 'libu2f-host' package(s) on openSUSE Leap 15.3. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-9578 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMA4H6AZFYIR3LA5VKKEJZNCCIVMUCFQ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4YCFMSNMXZ7XC4U6WXPQA7JCXC6VOAJ/ https://security.gentoo.org/glsa/202004-15 https://blog.inhq.net/posts/yubico-libu2f-host-vuln-part2/ https://developers.yubico.com/libu2f-host/Release_Notes.html https://github.com/Yubico/libu2f-host/commit/e4bb58cc8b6202a421e65f8230217d8ae6e16eb5 SuSE Security Announcement: openSUSE-SU-2019:1708 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00012.html SuSE Security Announcement: openSUSE-SU-2019:1725 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00018.html |
Copyright | Copyright (C) 2021 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |