{"id":"SUSE-SU-2019:1749-1","summary":"Security update for libu2f-host","details":"This update for libu2f-host and pam_u2f to version 1.0.8 fixes the following issues:\n\t  \nSecurity issues fixed for libu2f-host: \n\n- CVE-2019-9578: Fixed a memory leak caused by incorrect parsing of the init response (bsc#1128140).\n- CVE-2018-20340: Fixed an unchecked buffer, which could allow a buffer overflow \n  with a custom-made malicious USB device (bsc#1124781).\n\nSecurity issues fixed for pam_u2f:\n\n- CVE-2019-12209: Fixed an issue where symlinks in the user's directory were followed (bsc#1135729).\n- CVE-2019-12210: Fixed file descriptor leaks (bsc#1135727).\n","modified":"2026-02-04T04:38:13.599936Z","published":"2019-07-04T14:06:56Z","related":["CVE-2018-20340","CVE-2019-12209","CVE-2019-12210","CVE-2019-9578"],"upstream":["CVE-2018-20340","CVE-2019-12209","CVE-2019-12210","CVE-2019-9578"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2019/suse-su-20191749-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1124781"},{"type":"REPORT","url":"https://bugzilla.suse.com/1128140"},{"type":"REPORT","url":"https://bugzilla.suse.com/1135727"},{"type":"REPORT","url":"https://bugzilla.suse.com/1135729"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-20340"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-12209"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-12210"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9578"}],"affected":[{"package":{"name":"libu2f-host","ecosystem":"SUSE:Linux Enterprise Desktop 12 
SP4","purl":"pkg:rpm/suse/libu2f-host&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.6-3.5.1"}]}],"ecosystem_specific":{"binaries":[{"pam_u2f":"1.0.8-3.3.1","libu2f-host0":"1.1.6-3.5.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2019:1749-1.json"}},{"package":{"name":"pam_u2f","ecosystem":"SUSE:Linux Enterprise Desktop 12 SP4","purl":"pkg:rpm/suse/pam_u2f&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.8-3.3.1"}]}],"ecosystem_specific":{"binaries":[{"pam_u2f":"1.0.8-3.3.1","libu2f-host0":"1.1.6-3.5.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2019:1749-1.json"}},{"package":{"name":"libu2f-host","ecosystem":"SUSE:Linux Enterprise Server 12 SP4","purl":"pkg:rpm/suse/libu2f-host&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.6-3.5.1"}]}],"ecosystem_specific":{"binaries":[{"pam_u2f":"1.0.8-3.3.1","libu2f-host0":"1.1.6-3.5.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2019:1749-1.json"}},{"package":{"name":"pam_u2f","ecosystem":"SUSE:Linux Enterprise Server 12 SP4","purl":"pkg:rpm/suse/pam_u2f&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.8-3.3.1"}]}],"ecosystem_specific":{"binaries":[{"pam_u2f":"1.0.8-3.3.1","libu2f-host0":"1.1.6-3.5.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2019:1749-1.json"}},{"package":{"name":"libu2f-host","ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 
SP4","purl":"pkg:rpm/suse/libu2f-host&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.6-3.5.1"}]}],"ecosystem_specific":{"binaries":[{"pam_u2f":"1.0.8-3.3.1","libu2f-host0":"1.1.6-3.5.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2019:1749-1.json"}},{"package":{"name":"pam_u2f","ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP4","purl":"pkg:rpm/suse/pam_u2f&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.8-3.3.1"}]}],"ecosystem_specific":{"binaries":[{"pam_u2f":"1.0.8-3.3.1","libu2f-host0":"1.1.6-3.5.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2019:1749-1.json"}}],"schema_version":"1.7.3"}