SUSE-SU-2021:1755-1 -- SLES libu2f-host, u2f-hostID: oval:org.secpod.oval:def:89047185 | Date: (C)2022-10-21 (M)2023-11-13 |
Class: PATCH | Family: unix |
This update for libu2f-host fixes the following issues: This update ships the u2f-host package Version 1.1.10 - Add new devices to udev rules. - Fix a potentially uninitialized buffer Version 1.1.9 - Fix CID copying from the init response, which broke compatibility with some devices. Version 1.1.8 - Add udev rules - Drop 70-old-u2f.rules and use 70-u2f.rules for everything - Use a random nonce for setting up CID to prevent fingerprinting - CVE-2019-9578: Parse the response to init in a more stable way to prevent leakage of uninitialized stack memory back to the device . Version 1.1.7 - Fix for trusting length from device in device init. - Fix for buffer overflow when receiving data from device. - Add udev rules for some new devices. - Add udev rule for Feitian ePass FIDO - Add a timeout to the register and authenticate actions.
Platform: |
SUSE Linux Enterprise Server 15 SP2 |
SUSE Linux Enterprise Server 15 SP3 |
SUSE Linux Enterprise Desktop 15 SP2 |
SUSE Linux Enterprise Desktop 15 SP3 |
Product: |
libu2f-host |
u2f-host |