Описание
Security update for libssh2_org
This update for libssh2_org fixes the following issues:
- Fix the previous fix for CVE-2019-3860 (bsc#1136570, bsc#1128481) (Out-of-bounds reads with specially crafted SFTP packets)
Список пакетов
Container caasp/v4/nginx-ingress-controller:beta1
libssh2-1-1.4.3-20.9.1
Container suse/sles12sp3:latest
libssh2-1-1.4.3-20.9.1
SUSE Enterprise Storage 4
libssh2-1-1.4.3-20.9.1
SUSE Linux Enterprise Desktop 12 SP3
libssh2-1-1.4.3-20.9.1
SUSE Linux Enterprise Desktop 12 SP4
libssh2-1-1.4.3-20.9.1
libssh2-1-32bit-1.4.3-20.9.1
SUSE Linux Enterprise Server 12 SP1-LTSS
libssh2-1-1.4.3-20.9.1
libssh2-1-32bit-1.4.3-20.9.1
SUSE Linux Enterprise Server 12 SP2-BCL
libssh2-1-1.4.3-20.9.1
libssh2-1-32bit-1.4.3-20.9.1
SUSE Linux Enterprise Server 12 SP2-LTSS
libssh2-1-1.4.3-20.9.1
libssh2-1-32bit-1.4.3-20.9.1
SUSE Linux Enterprise Server 12 SP3
libssh2-1-1.4.3-20.9.1
libssh2-1-32bit-1.4.3-20.9.1
SUSE Linux Enterprise Server 12 SP3-LTSS
libssh2-1-1.4.3-20.9.1
libssh2-1-32bit-1.4.3-20.9.1
SUSE Linux Enterprise Server 12 SP4
libssh2-1-1.4.3-20.9.1
libssh2-1-32bit-1.4.3-20.9.1
SUSE Linux Enterprise Server 12-LTSS
libssh2-1-1.4.3-20.9.1
libssh2-1-32bit-1.4.3-20.9.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
libssh2-1-1.4.3-20.9.1
libssh2-1-32bit-1.4.3-20.9.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libssh2-1-1.4.3-20.9.1
libssh2-1-32bit-1.4.3-20.9.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libssh2-1-1.4.3-20.9.1
libssh2-1-32bit-1.4.3-20.9.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libssh2-1-1.4.3-20.9.1
libssh2-1-32bit-1.4.3-20.9.1
SUSE Linux Enterprise Software Development Kit 12 SP3
libssh2-devel-1.4.3-20.9.1
SUSE Linux Enterprise Software Development Kit 12 SP4
libssh2-devel-1.4.3-20.9.1
SUSE OpenStack Cloud 7
libssh2-1-1.4.3-20.9.1
libssh2-1-32bit-1.4.3-20.9.1
Ссылки
- Link for SUSE-SU-2019:1606-1
- E-Mail link for SUSE-SU-2019:1606-1
- SUSE Security Ratings
- SUSE Bug 1128481
- SUSE Bug 1136570
- SUSE CVE CVE-2019-3860 page
Описание
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
Затронутые продукты
Container caasp/v4/nginx-ingress-controller:beta1:libssh2-1-1.4.3-20.9.1
Container suse/sles12sp3:latest:libssh2-1-1.4.3-20.9.1
SUSE Enterprise Storage 4:libssh2-1-1.4.3-20.9.1
SUSE Linux Enterprise Desktop 12 SP3:libssh2-1-1.4.3-20.9.1
Ссылки
- CVE-2019-3860
- SUSE Bug 1128481
- SUSE Bug 1135434
- SUSE Bug 1136570