Download
| Alert*
oval:org.secpod.oval:def:89003449
This update for libu2f-host and pam_u2f to version 1.0.8 fixes the following issues: Security issues fixed for libu2f-host: - CVE-2019-9578: Fixed a memory leak due to a wrong parse of init"s response . - CVE-2018-20340: Fixed an unchecked buffer, which could allow a buffer overflow with a custom ma ... oval:org.secpod.oval:def:53512 Christian Reitter discovered that libu2f-host, a library implementing the host-side of the U2F protocol, failed to properly check for a buffer overflow. This would allow an attacker with a custom made malicious USB device masquerading as a security key, and physical access to a computer where PAM U2 ... oval:org.secpod.oval:def:603632 Christian Reitter discovered that libu2f-host, a library implementing the host-side of the U2F protocol, failed to properly check for a buffer overflow. This would allow an attacker with a custom made malicious USB device masquerading as a security key, and physical access to a computer where PAM U2 ... oval:org.secpod.oval:def:89047185 This update for libu2f-host fixes the following issues: This update ships the u2f-host package Version 1.1.10 - Add new devices to udev rules. - Fix a potentially uninitialized buffer Version 1.1.9 - Fix CID copying from the init response, which broke compatibility with some devices. Version 1.1 ... |