Описание
Security update for libssh
This update for libssh fixes the following issues:
Security issue fixed:
- CVE-2018-10933: Fixed a server mode authentication bypass (bsc#1108020).
Non security issue fixed:
- Fix popd syntax to be compatible with newer versions of the bash shell.
Список пакетов
SUSE Linux Enterprise Desktop 12 SP3
libssh4-0.6.3-12.6.1
SUSE Linux Enterprise Software Development Kit 12 SP3
libssh-devel-0.6.3-12.6.1
libssh-devel-doc-0.6.3-12.6.1
libssh4-0.6.3-12.6.1
SUSE Linux Enterprise Workstation Extension 12 SP3
libssh4-0.6.3-12.6.1
Ссылки
- Link for SUSE-SU-2018:3253-1
- E-Mail link for SUSE-SU-2018:3253-1
- SUSE Security Ratings
- SUSE Bug 1108020
- SUSE CVE CVE-2018-10933 page
Описание
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:libssh4-0.6.3-12.6.1
SUSE Linux Enterprise Software Development Kit 12 SP3:libssh-devel-0.6.3-12.6.1
SUSE Linux Enterprise Software Development Kit 12 SP3:libssh-devel-doc-0.6.3-12.6.1
SUSE Linux Enterprise Software Development Kit 12 SP3:libssh4-0.6.3-12.6.1
Ссылки
- CVE-2018-10933
- SUSE Bug 1108020
- SUSE Bug 1122198