{"affected":[{"ecosystem_specific":{"binaries":[{"libu2f-host-devel":"1.1.6-lp150.10.1","libu2f-host-doc":"1.1.6-lp150.10.1","libu2f-host0":"1.1.6-lp150.10.1","pam_u2f":"1.0.8-lp150.7.1","u2f-host":"1.1.6-lp150.10.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.0","name":"libu2f-host","purl":"pkg:rpm/opensuse/libu2f-host&distro=openSUSE%20Leap%2015.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.1.6-lp150.10.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libu2f-host-devel":"1.1.6-lp150.10.1","libu2f-host-doc":"1.1.6-lp150.10.1","libu2f-host0":"1.1.6-lp150.10.1","pam_u2f":"1.0.8-lp150.7.1","u2f-host":"1.1.6-lp150.10.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.0","name":"pam_u2f","purl":"pkg:rpm/opensuse/pam_u2f&distro=openSUSE%20Leap%2015.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.8-lp150.7.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for libu2f-host and pam_u2f to version 1.0.8 fixes the following issues:\n\nSecurity issues fixed for libu2f-host: \n\n- CVE-2019-9578: Fixed a memory leak due to a wrong parse of init's response (bsc#1128140).\n\nSecurity issues fixed for pam_u2f:\n\n- CVE-2019-12209: Fixed an issue where symlinks in the user's directory were followed (bsc#1135729).\n- CVE-2019-12210: Fixed file descriptor leaks (bsc#1135727).\n\nThis update was imported from the SUSE:SLE-15:Update update project.","id":"openSUSE-SU-2019:1725-1","modified":"2019-07-19T15:59:26Z","published":"2019-07-19T15:59:26Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7L2J54VOSWKWWHDQ3LUR6WDVPL2TE6XB/#7L2J54VOSWKWWHDQ3LUR6WDVPL2TE6XB"},{"type":"REPORT","url":"https://bugzilla.suse.com/1128140"},{"type":"REPORT","url":"https://bugzilla.suse.com/1135727"},{"type":"REPORT","url":"https://bugzilla.suse.com/1135729"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-12209"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-12210"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9578"}],"related":["CVE-2019-12209","CVE-2019-12210","CVE-2019-9578"],"summary":"Security update for libu2f-host, pam_u2f","upstream":["CVE-2019-12209","CVE-2019-12210","CVE-2019-9578"]}