SUSE-SU-2025:20132-1 Security update for pam_u2f

This update for pamu2f fixes the following issues: - update to 1.3.2: Relax authfile permission check to a warning instead of an error to prevent a breaking change locking existing users out of their systems. - update to 1.3.1: CVE-2025-23013: Fixed problematic PAMIGNORE return values in...

Security update for pam_u2f

This update for pamu2f fixes the following issues: CVE-2025-23013: Fixed problematic PAMIGNORE return values in pamsmauthenticate bsc1233517 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you ca...

SUSE-SU-2025:0198-1 Security update for pam_u2f

This update for pamu2f fixes the following issues: - CVE-2025-23013: Fixed problematic PAMIGNORE return values in pamsmauthenticate bsc1233517...

Fedora: Security Advisory for pam-u2f (FEDORA-2021-724f4733e9)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

DEBIAN-CVE-2021-31924

Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow user presence touch or cryptographic signature verification to be bypassed, so an attacker would still need to physicall...

The vulnerability of the $HOME/.config/Yubico/u2f_keys authentication file is related to the PAM module Yubico’s pam-u2f, which allows a perpetrator to disclose protected information.

The vulnerability of the $HOME/.config/Yubico/u2fKeys authentication file is related to the lack of protection for service data in the PAM module Yubico’s pam-u2f. Exploiting this vulnerability allows a malicious actor to disclose the protected information...

DEBIAN-CVE-2019-12210

In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debugfile, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the child process can then read from and write to it...

Debian DSA-4389-1 : libu2f-host - security update

Christian Reitter discovered that libu2f-host, a library implementing the host-side of the U2F protocol, failed to properly check for a buffer overflow. This would allow an attacker with a custom made malicious USB device masquerading as a security key, and physical access to a computer where PAM...

[SECURITY] [DSA 4389-1] libu2f-host security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4389-1 [email protected] https://www.debian.org/security/ Sebastien Delafond February 11, 2019 https://www.debian.org/security/faq -...

Security advisory YSA-2019-01 | Yubico

Yubico library libu2f-host prior to version 1.1.7 contains an unchecked buffer, which could allow a buffer overflow. Libu2f-host is a library that implements the host party of the U2F protocol. This issue can allow an attacker with a custom made malicious USB device masquerading as a security key...