Description
Security update for libssh
This update for libssh fixes the following issues:
- CVE-2019-14889: Fixed an arbitrary command execution (bsc#1158095).
Package list
Container suse/sles12sp4:latest
libssh4-0.6.3-12.9.1
Image SLES12-SP4-Azure-BYOS
libssh4-0.6.3-12.9.1
Image SLES12-SP4-EC2-HVM-BYOS
libssh4-0.6.3-12.9.1
Image SLES12-SP4-GCE-BYOS
libssh4-0.6.3-12.9.1
Image SLES12-SP4-OCI-BYOS
libssh4-0.6.3-12.9.1
Image SLES12-SP4-SAP-Azure
libssh4-0.6.3-12.9.1
Image SLES12-SP4-SAP-Azure-BYOS
libssh4-0.6.3-12.9.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
libssh4-0.6.3-12.9.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
libssh4-0.6.3-12.9.1
Image SLES12-SP4-SAP-EC2-HVM
libssh4-0.6.3-12.9.1
Image SLES12-SP4-SAP-EC2-HVM-BYOS
libssh4-0.6.3-12.9.1
Image SLES12-SP4-SAP-GCE
libssh4-0.6.3-12.9.1
Image SLES12-SP4-SAP-GCE-BYOS
libssh4-0.6.3-12.9.1
Image SLES12-SP4-SAP-OCI-BYOS
libssh4-0.6.3-12.9.1
SUSE Linux Enterprise Desktop 12 SP4
libssh4-0.6.3-12.9.1
libssh4-32bit-0.6.3-12.9.1
SUSE Linux Enterprise Server 12 SP4
libssh4-0.6.3-12.9.1
libssh4-32bit-0.6.3-12.9.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libssh4-0.6.3-12.9.1
libssh4-32bit-0.6.3-12.9.1
SUSE Linux Enterprise Software Development Kit 12 SP4
libssh-devel-0.6.3-12.9.1
libssh-devel-doc-0.6.3-12.9.1
libssh4-0.6.3-12.9.1
SUSE Linux Enterprise Software Development Kit 12 SP5
libssh-devel-doc-0.6.3-12.9.1
References
- Link for SUSE-SU-2019:3308-1
- E-Mail link for SUSE-SU-2019:3308-1
- SUSE Security Ratings
- SUSE Bug 1158095
- SUSE CVE CVE-2019-14889 page
Description
A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server side. If the library is used in a way that lets users influence the third parameter of the function, it becomes possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target.
Affected products
Container suse/sles12sp4:latest:libssh4-0.6.3-12.9.1
Image SLES12-SP4-Azure-BYOS:libssh4-0.6.3-12.9.1
Image SLES12-SP4-EC2-HVM-BYOS:libssh4-0.6.3-12.9.1
Image SLES12-SP4-GCE-BYOS:libssh4-0.6.3-12.9.1
References
- CVE-2019-14889
- SUSE Bug 1158095
- SUSE Bug 1224871