{"affected":[{"ecosystem_specific":{"binaries":[{"libu2f-host-devel":"1.1.10-3.9.1","libu2f-host0":"1.1.10-3.9.1","u2f-host":"1.1.10-3.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP2","name":"libu2f-host","purl":"pkg:rpm/suse/libu2f-host&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.1.10-3.9.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libu2f-host-devel":"1.1.10-3.9.1","libu2f-host0":"1.1.10-3.9.1","u2f-host":"1.1.10-3.9.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP3","name":"libu2f-host","purl":"pkg:rpm/suse/libu2f-host&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.1.10-3.9.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for libu2f-host fixes the following issues:\n\nThis update ships the u2f-host package (jsc#ECO-3687 bsc#1184648)\n\nVersion 1.1.10 (released 2019-05-15)\n\n- Add new devices to udev rules.\n- Fix a potentially uninitialized buffer (CVE-2019-9578, bsc#1128140)\n\nVersion 1.1.9 (released 2019-03-06)\n\n- Fix CID copying from the init response, which broke compatibility with\nsome devices.\n\nVersion 1.1.8 (released 2019-03-05)\n\n- Add udev rules\n- Drop 70-old-u2f.rules and use 70-u2f.rules for everything\n- Use a random nonce for setting up CID to prevent fingerprinting\n- CVE-2019-9578: Parse the response to init in a more stable way to prevent\n  leakage of uninitialized stack memory back to the device (bsc#1128140).\n\nVersion 1.1.7 (released 2019-01-08)\n\n- Fix for trusting length from device in device init.\n- Fix for buffer overflow when receiving data from device. (YSA-2019-01,\n  CVE-2018-20340, bsc#1124781)\n- Add udev rules for some new devices.\n\n- Add udev rule for Feitian ePass FIDO \n  - Add a timeout to the register and authenticate actions.","id":"SUSE-SU-2021:1755-1","modified":"2021-05-25T11:30:09Z","published":"2021-05-25T11:30:09Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2021/suse-su-20211755-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1124781"},{"type":"REPORT","url":"https://bugzilla.suse.com/1128140"},{"type":"REPORT","url":"https://bugzilla.suse.com/1184648"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-20340"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9578"}],"related":["CVE-2018-20340","CVE-2019-9578"],"summary":"Security update for libu2f-host","upstream":["CVE-2018-20340","CVE-2019-9578"]}