{"id":"openSUSE-SU-2019:1708-1","summary":"Security update for libu2f-host, pam_u2f","details":"This update for libu2f-host and pam_u2f to version 1.0.8 fixes the following issues:\n\nSecurity issues fixed for libu2f-host: \n\n- CVE-2019-9578: Fixed a memory leak due to a wrong parse of init's response (bsc#1128140).\n\nSecurity issues fixed for pam_u2f:\n\n- CVE-2019-12209: Fixed an issue where symlinks in the user's directory were followed (bsc#1135729).\n- CVE-2019-12210: Fixed file descriptor leaks (bsc#1135727).\n\nThis update was imported from the SUSE:SLE-15:Update update project.","modified":"2026-02-04T03:34:09.058983Z","published":"2019-07-19T05:59:24Z","related":["CVE-2019-12209","CVE-2019-12210","CVE-2019-9578"],"upstream":["CVE-2019-12209","CVE-2019-12210","CVE-2019-9578"],"references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NLLQFQYZPMUPPGSELE2DVQUEBTEZRB3U/#NLLQFQYZPMUPPGSELE2DVQUEBTEZRB3U"},{"type":"REPORT","url":"https://bugzilla.suse.com/1128140"},{"type":"REPORT","url":"https://bugzilla.suse.com/1135727"},{"type":"REPORT","url":"https://bugzilla.suse.com/1135729"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-12209"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-12210"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9578"}],"affected":[{"package":{"name":"libu2f-host","ecosystem":"openSUSE:Leap 15.1","purl":"pkg:rpm/opensuse/libu2f-host&distro=openSUSE%20Leap%2015.1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.6-lp151.2.6.1"}]}],"ecosystem_specific":{"binaries":[{"pam_u2f":"1.0.8-lp151.2.3.1","u2f-host":"1.1.6-lp151.2.6.1","libu2f-host0":"1.1.6-lp151.2.6.1","libu2f-host-doc":"1.1.6-lp151.2.6.1","libu2f-host-devel":"1.1.6-lp151.2.6.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2019:1708-1.json"}},{"package":{"name":"pam_u2f","ecosystem":"openSUSE:Leap 15.1","purl":"pkg:rpm/opensuse/pam_u2f&distro=openSUSE%20Leap%2015.1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.8-lp151.2.3.1"}]}],"ecosystem_specific":{"binaries":[{"pam_u2f":"1.0.8-lp151.2.3.1","u2f-host":"1.1.6-lp151.2.6.1","libu2f-host0":"1.1.6-lp151.2.6.1","libu2f-host-doc":"1.1.6-lp151.2.6.1","libu2f-host-devel":"1.1.6-lp151.2.6.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2019:1708-1.json"}}],"schema_version":"1.7.3"}