Описание
Security update for libssh
The encryption library libssh was updated to fix one security issue.
The following vulnerability was fixed:
- CVE-2015-3146: Unauthenticated remote attackers could crash the server or client with specially crafted packages.
Список пакетов
SUSE Linux Enterprise Desktop 12
libssh4-0.6.3-8.1
SUSE Linux Enterprise Software Development Kit 12
libssh-devel-0.6.3-8.1
libssh-devel-doc-0.6.3-8.1
libssh4-0.6.3-8.1
Ссылки
- Link for SUSE-SU-2015:1707-2
- E-Mail link for SUSE-SU-2015:1707-2
- SUSE Security Ratings
- SUSE Bug 928323
- SUSE CVE CVE-2015-3146 page
Описание
The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet.
Затронутые продукты
SUSE Linux Enterprise Desktop 12:libssh4-0.6.3-8.1
SUSE Linux Enterprise Software Development Kit 12:libssh-devel-0.6.3-8.1
SUSE Linux Enterprise Software Development Kit 12:libssh-devel-doc-0.6.3-8.1
SUSE Linux Enterprise Software Development Kit 12:libssh4-0.6.3-8.1
Ссылки
- CVE-2015-3146
- SUSE Bug 928323