Описание
Security update for libssh2_org
This update for libssh2_org fixes the following issue:
- CVE-2019-17498: Fixed an integer overflow in a bounds check that might have led to the disclosure of sensitive information or a denial of service (bsc#1154862).
Список пакетов
SUSE Linux Enterprise High Performance Computing 15-ESPOS
libssh2-1-1.8.0-4.10.1
libssh2-1-32bit-1.8.0-4.10.1
libssh2-devel-1.8.0-4.10.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
libssh2-1-1.8.0-4.10.1
libssh2-1-32bit-1.8.0-4.10.1
libssh2-devel-1.8.0-4.10.1
SUSE Linux Enterprise Server 15-LTSS
libssh2-1-1.8.0-4.10.1
libssh2-1-32bit-1.8.0-4.10.1
libssh2-devel-1.8.0-4.10.1
SUSE Linux Enterprise Server for SAP Applications 15
libssh2-1-1.8.0-4.10.1
libssh2-1-32bit-1.8.0-4.10.1
libssh2-devel-1.8.0-4.10.1
Ссылки
- Link for SUSE-SU-2019:2900-2
- E-Mail link for SUSE-SU-2019:2900-2
- SUSE Security Ratings
- SUSE Bug 1154862
- SUSE CVE CVE-2019-17498 page
Описание
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libssh2-1-1.8.0-4.10.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libssh2-1-32bit-1.8.0-4.10.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libssh2-devel-1.8.0-4.10.1
SUSE Linux Enterprise High Performance Computing 15-LTSS:libssh2-1-1.8.0-4.10.1
Ссылки
- CVE-2019-17498
- SUSE Bug 1154862
- SUSE Bug 1171566