Описание
Security update for libssh2_org
This update for libssh2_org fixes the following issue:
- CVE-2019-17498: Fixed an integer overflow in a bounds check that might have led to the disclosure of sensitive information or a denial of service (bsc#1154862).
Список пакетов
Container caasp/v4/nginx-ingress-controller:beta1
libssh2-1-1.4.3-20.14.1
Container suse/sles12sp3:latest
libssh2-1-1.4.3-20.14.1
HPE Helion OpenStack 8
libssh2-1-1.4.3-20.14.1
libssh2-1-32bit-1.4.3-20.14.1
Image SLES12-SP4-SAP-OCI-BYOS
libssh2-1-1.4.3-20.14.1
SUSE Enterprise Storage 5
libssh2-1-1.4.3-20.14.1
libssh2-1-32bit-1.4.3-20.14.1
SUSE Linux Enterprise Desktop 12 SP4
libssh2-1-1.4.3-20.14.1
libssh2-1-32bit-1.4.3-20.14.1
SUSE Linux Enterprise Server 12 SP1-LTSS
libssh2-1-1.4.3-20.14.1
libssh2-1-32bit-1.4.3-20.14.1
SUSE Linux Enterprise Server 12 SP2-BCL
libssh2-1-1.4.3-20.14.1
libssh2-1-32bit-1.4.3-20.14.1
SUSE Linux Enterprise Server 12 SP2-LTSS
libssh2-1-1.4.3-20.14.1
libssh2-1-32bit-1.4.3-20.14.1
SUSE Linux Enterprise Server 12 SP3-BCL
libssh2-1-1.4.3-20.14.1
libssh2-1-32bit-1.4.3-20.14.1
SUSE Linux Enterprise Server 12 SP3-LTSS
libssh2-1-1.4.3-20.14.1
libssh2-1-32bit-1.4.3-20.14.1
SUSE Linux Enterprise Server 12 SP4
libssh2-1-1.4.3-20.14.1
libssh2-1-32bit-1.4.3-20.14.1
SUSE Linux Enterprise Server 12 SP5
libssh2-1-1.4.3-20.14.1
libssh2-1-32bit-1.4.3-20.14.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
libssh2-1-1.4.3-20.14.1
libssh2-1-32bit-1.4.3-20.14.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libssh2-1-1.4.3-20.14.1
libssh2-1-32bit-1.4.3-20.14.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libssh2-1-1.4.3-20.14.1
libssh2-1-32bit-1.4.3-20.14.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libssh2-1-1.4.3-20.14.1
libssh2-1-32bit-1.4.3-20.14.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libssh2-1-1.4.3-20.14.1
libssh2-1-32bit-1.4.3-20.14.1
SUSE Linux Enterprise Software Development Kit 12 SP4
libssh2-devel-1.4.3-20.14.1
SUSE Linux Enterprise Software Development Kit 12 SP5
libssh2-devel-1.4.3-20.14.1
SUSE OpenStack Cloud 7
libssh2-1-1.4.3-20.14.1
libssh2-1-32bit-1.4.3-20.14.1
SUSE OpenStack Cloud 8
libssh2-1-1.4.3-20.14.1
libssh2-1-32bit-1.4.3-20.14.1
SUSE OpenStack Cloud Crowbar 8
libssh2-1-1.4.3-20.14.1
libssh2-1-32bit-1.4.3-20.14.1
Ссылки
- Link for SUSE-SU-2019:2936-1
- E-Mail link for SUSE-SU-2019:2936-1
- SUSE Security Ratings
- SUSE Bug 1154862
- SUSE CVE CVE-2019-17498 page
Описание
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.
Затронутые продукты
Container caasp/v4/nginx-ingress-controller:beta1:libssh2-1-1.4.3-20.14.1
Container suse/sles12sp3:latest:libssh2-1-1.4.3-20.14.1
HPE Helion OpenStack 8:libssh2-1-1.4.3-20.14.1
HPE Helion OpenStack 8:libssh2-1-32bit-1.4.3-20.14.1
Ссылки
- CVE-2019-17498
- SUSE Bug 1154862
- SUSE Bug 1171566