Описание
Security update for libssh2_org
The ssh client library libssh2_org was updated to fix a security issue:
* CVE-2015-1782: A malicious server could send a crafted
SSH_MSG_KEXINIT packet, that could lead to a buffer overread and to a
crash of the application using libssh2_org.
Security Issues:
* CVE-2015-1782
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1782>
Список пакетов
SUSE Linux Enterprise Desktop 11 SP3
libssh2-1-1.2.9-4.2.4.1
SUSE Linux Enterprise Server 11 SP3
libssh2-1-1.2.9-4.2.4.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
libssh2-1-1.2.9-4.2.4.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3
libssh2-1-1.2.9-4.2.4.1
SUSE Linux Enterprise Software Development Kit 11 SP3
libssh2-1-1.2.9-4.2.4.1
libssh2-1-32bit-1.2.9-4.2.4.1
libssh2-1-x86-1.2.9-4.2.4.1
libssh2-devel-1.2.9-4.2.4.1
Ссылки
- Link for SUSE-SU-2015:0676-1
- E-Mail link for SUSE-SU-2015:0676-1
- SUSE Security Ratings
- SUSE Bug 921070
- SUSE CVE CVE-2015-1782 page
Описание
The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet.
Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:libssh2-1-1.2.9-4.2.4.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:libssh2-1-1.2.9-4.2.4.1
SUSE Linux Enterprise Server 11 SP3:libssh2-1-1.2.9-4.2.4.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3:libssh2-1-1.2.9-4.2.4.1
Ссылки
- CVE-2015-1782
- SUSE Bug 921070