Описание
Security update for libssh2_org
This update for libssh2_org fixes the following issues:
- Incorrect upstream fix for CVE-2019-3859 broke public key authentication [bsc#1133528, bsc#1130103]
Список пакетов
Container caasp/v4/nginx-ingress-controller:beta1
libssh2-1-1.4.3-20.6.1
Container suse/sles12sp3:latest
libssh2-1-1.4.3-20.6.1
SUSE Enterprise Storage 4
libssh2-1-1.4.3-20.6.1
libssh2-1-32bit-1.4.3-20.6.1
SUSE Linux Enterprise Desktop 12 SP3
libssh2-1-1.4.3-20.6.1
libssh2-1-32bit-1.4.3-20.6.1
SUSE Linux Enterprise Desktop 12 SP4
libssh2-1-1.4.3-20.6.1
libssh2-1-32bit-1.4.3-20.6.1
SUSE Linux Enterprise Server 12 SP1-LTSS
libssh2-1-1.4.3-20.6.1
libssh2-1-32bit-1.4.3-20.6.1
SUSE Linux Enterprise Server 12 SP2-BCL
libssh2-1-1.4.3-20.6.1
libssh2-1-32bit-1.4.3-20.6.1
SUSE Linux Enterprise Server 12 SP2-LTSS
libssh2-1-1.4.3-20.6.1
libssh2-1-32bit-1.4.3-20.6.1
SUSE Linux Enterprise Server 12 SP3
libssh2-1-1.4.3-20.6.1
libssh2-1-32bit-1.4.3-20.6.1
SUSE Linux Enterprise Server 12 SP4
libssh2-1-1.4.3-20.6.1
libssh2-1-32bit-1.4.3-20.6.1
SUSE Linux Enterprise Server 12-LTSS
libssh2-1-1.4.3-20.6.1
libssh2-1-32bit-1.4.3-20.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
libssh2-1-1.4.3-20.6.1
libssh2-1-32bit-1.4.3-20.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libssh2-1-1.4.3-20.6.1
libssh2-1-32bit-1.4.3-20.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libssh2-1-1.4.3-20.6.1
libssh2-1-32bit-1.4.3-20.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libssh2-1-1.4.3-20.6.1
libssh2-1-32bit-1.4.3-20.6.1
SUSE Linux Enterprise Software Development Kit 12 SP3
libssh2-devel-1.4.3-20.6.1
SUSE Linux Enterprise Software Development Kit 12 SP4
libssh2-devel-1.4.3-20.6.1
SUSE OpenStack Cloud 7
libssh2-1-1.4.3-20.6.1
libssh2-1-32bit-1.4.3-20.6.1
Ссылки
- Link for SUSE-SU-2019:1060-1
- E-Mail link for SUSE-SU-2019:1060-1
- SUSE Security Ratings
- SUSE Bug 1130103
- SUSE Bug 1133528
- SUSE CVE CVE-2019-3859 page
Описание
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
Затронутые продукты
Container caasp/v4/nginx-ingress-controller:beta1:libssh2-1-1.4.3-20.6.1
Container suse/sles12sp3:latest:libssh2-1-1.4.3-20.6.1
SUSE Enterprise Storage 4:libssh2-1-1.4.3-20.6.1
SUSE Enterprise Storage 4:libssh2-1-32bit-1.4.3-20.6.1
Ссылки
- CVE-2019-3859
- SUSE Bug 1128480
- SUSE Bug 1130103
- SUSE Bug 1135434