9 matches found
openSUSE: Security Advisory for libu2f-host, pam_u2f (openSUSE-SU-2019:1708-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : libu2f-host / pam_u2f (openSUSE-2019-1725)
This update for libu2f-host and pamu2f to version 1.0.8 fixes the following issues : Security issues fixed for libu2f-host : - CVE-2019-9578: Fixed a memory leak due to a wrong parse of init's response bsc1128140. Security issues fixed for pamu2f : - CVE-2019-12209: Fixed an issue where symlinks ...
openSUSE Security Update : libu2f-host / pam_u2f (openSUSE-2019-1708)
This update for libu2f-host and pamu2f to version 1.0.8 fixes the following issues : Security issues fixed for libu2f-host : - CVE-2019-9578: Fixed a memory leak due to a wrong parse of init's response bsc1128140. Security issues fixed for pamu2f : - CVE-2019-12209: Fixed an issue where symlinks ...
openSUSE: Security Advisory for libu2f-host, pam_u2f (openSUSE-SU-2019:1725-1)
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2019:1725-1 Security update for libu2f-host, pam_u2f
This update for libu2f-host and pamu2f to version 1.0.8 fixes the following issues: Security issues fixed for libu2f-host: - CVE-2019-9578: Fixed a memory leak due to a wrong parse of init's response bsc1128140. Security issues fixed for pamu2f: - CVE-2019-12209: Fixed an issue where symlinks in...
SUSE SLED12 / SLES12 Security Update : libu2f-host (SUSE-SU-2019:1749-1)
This update for libu2f-host and pamu2f to version 1.0.8 fixes the following issues : Security issues fixed for libu2f-host : CVE-2019-9578: Fixed a memory leak due to a wrong parse of init's response bsc1128140. CVE-2018-20340: Fixed an unchecked buffer, which could allow a buffer overflow with a...
CVE-2019-12209
Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile default $HOME/.config/Yubico/u2fkeys as root unless openasuser was enabled, and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM...
CVE-2019-12209
Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile default $HOME/.config/Yubico/u2fkeys as root unless openasuser was enabled, and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM...
CVE-2019-12209
CVE-2019-12209 affects Yubico PAM-u2f, specifically the 1.0.7 release. The vulnerability arises when parsing the configured authfile (default $HOME/.config/Yubico/u2f_keys): the path is treated with root permissions and there is insufficient verification that the path contains no symlinks pointin...