SUSE-SU-2019:14206-1

Опубликовано: 06 нояб. 2019

Источник: suse-cvrf

Описание

Security update for libssh2_org

This update for libssh2_org fixes the following issue:

CVE-2019-17498: Fixed an integer overflow in a bounds check that might have led to the disclosure of sensitive information or a denial of service (bsc#1154862).

Список пакетов

SUSE Linux Enterprise Server 11 SP4-LTSS

libssh2-1-1.4.3-17.12.1

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-201914206-1/
Link for SUSE-SU-2019:14206-1
https://lists.suse.com/pipermail/sle-security-updates/2019-November/006093.html
E-Mail link for SUSE-SU-2019:14206-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1154862
SUSE Bug 1154862
https://www.suse.com/security/cve/CVE-2019-17498/
SUSE CVE CVE-2019-17498 page

Описание

In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.

Затронутые продукты

SUSE Linux Enterprise Server 11 SP4-LTSS:libssh2-1-1.4.3-17.12.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-17498.html
CVE-2019-17498
https://bugzilla.suse.com/1154862
SUSE Bug 1154862
https://bugzilla.suse.com/1171566
SUSE Bug 1171566

SUSE-SU-2019:14206-1

Описание

Список пакетов

SUSE Linux Enterprise Server 11 SP4-LTSS

Ссылки

Уязвимость: CVE-2019-17498

Описание

Затронутые продукты

Ссылки