Описание
Security update for libssh2_org
The ssh client library libssh2_org was updated to fix a security issue.
CVE-2015-1782: A malicious server could send a crafted SSH_MSG_KEXINIT packet, that could lead to a buffer overread and to a crash of the libssh2_org using application.
Список пакетов
SUSE Linux Enterprise Desktop 12
libssh2-1-1.4.3-11.1
libssh2-1-32bit-1.4.3-11.1
SUSE Linux Enterprise Server 12
libssh2-1-1.4.3-11.1
libssh2-1-32bit-1.4.3-11.1
SUSE Linux Enterprise Server for SAP Applications 12
libssh2-1-1.4.3-11.1
libssh2-1-32bit-1.4.3-11.1
SUSE Linux Enterprise Software Development Kit 12
libssh2-devel-1.4.3-11.1
Ссылки
- Link for SUSE-SU-2015:0669-1
- E-Mail link for SUSE-SU-2015:0669-1
- SUSE Security Ratings
- SUSE Bug 921070
- SUSE CVE CVE-2015-1782 page
Описание
The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet.
Затронутые продукты
SUSE Linux Enterprise Desktop 12:libssh2-1-1.4.3-11.1
SUSE Linux Enterprise Desktop 12:libssh2-1-32bit-1.4.3-11.1
SUSE Linux Enterprise Server 12:libssh2-1-1.4.3-11.1
SUSE Linux Enterprise Server 12:libssh2-1-32bit-1.4.3-11.1
Ссылки
- CVE-2015-1782
- SUSE Bug 921070