SUSE-SU-2020:0968-1

Опубликовано: 09 апр. 2020

Источник: suse-cvrf

Описание

Security update for libssh

This update for libssh fixes the following issues:

CVE-2020-1730: Fixed a possible denial of service when using AES-CTR (bsc#1168699).

Список пакетов

Container suse/ltss/sle12.5/sles12sp5:latest

libssh4-0.8.7-3.9.1

Container suse/sles12sp5:latest

libssh4-0.8.7-3.9.1

Image SLES12-SP5-Azure-BYOS

libssh4-0.8.7-3.9.1

Image SLES12-SP5-Azure-Basic-On-Demand

libssh4-0.8.7-3.9.1

Image SLES12-SP5-Azure-HPC-BYOS

libssh4-0.8.7-3.9.1

Image SLES12-SP5-Azure-HPC-On-Demand

libssh4-0.8.7-3.9.1

Image SLES12-SP5-Azure-SAP-BYOS

libssh4-0.8.7-3.9.1

Image SLES12-SP5-Azure-SAP-On-Demand

libssh4-0.8.7-3.9.1

Image SLES12-SP5-Azure-Standard-On-Demand

libssh4-0.8.7-3.9.1

Image SLES12-SP5-EC2-BYOS

libssh4-0.8.7-3.9.1

Image SLES12-SP5-EC2-ECS-On-Demand

libssh4-0.8.7-3.9.1

Image SLES12-SP5-EC2-On-Demand

libssh4-0.8.7-3.9.1

Image SLES12-SP5-EC2-SAP-BYOS

libssh4-0.8.7-3.9.1

Image SLES12-SP5-EC2-SAP-On-Demand

libssh4-0.8.7-3.9.1

Image SLES12-SP5-GCE-BYOS

libssh4-0.8.7-3.9.1

Image SLES12-SP5-GCE-On-Demand

libssh4-0.8.7-3.9.1

Image SLES12-SP5-GCE-SAP-BYOS

libssh4-0.8.7-3.9.1

Image SLES12-SP5-GCE-SAP-On-Demand

libssh4-0.8.7-3.9.1

Image SLES12-SP5-OCI-BYOS-BYOS

libssh4-0.8.7-3.9.1

Image SLES12-SP5-OCI-BYOS-SAP-BYOS

libssh4-0.8.7-3.9.1

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

libssh4-0.8.7-3.9.1

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

libssh4-0.8.7-3.9.1

SUSE Linux Enterprise Server 12 SP5

libssh4-0.8.7-3.9.1

libssh4-32bit-0.8.7-3.9.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

libssh4-0.8.7-3.9.1

libssh4-32bit-0.8.7-3.9.1

SUSE Linux Enterprise Software Development Kit 12 SP5

libssh-devel-0.8.7-3.9.1

libssh4-0.8.7-3.9.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20200968-1/
Link for SUSE-SU-2020:0968-1
https://lists.suse.com/pipermail/sle-security-updates/2020-April/006692.html
E-Mail link for SUSE-SU-2020:0968-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1168699
SUSE Bug 1168699
https://www.suse.com/security/cve/CVE-2020-1730/
SUSE CVE CVE-2020-1730 page

Описание

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.

Затронутые продукты

Container suse/ltss/sle12.5/sles12sp5:latest:libssh4-0.8.7-3.9.1

Container suse/sles12sp5:latest:libssh4-0.8.7-3.9.1

Image SLES12-SP5-Azure-BYOS:libssh4-0.8.7-3.9.1

Image SLES12-SP5-Azure-Basic-On-Demand:libssh4-0.8.7-3.9.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-1730.html
CVE-2020-1730
https://bugzilla.suse.com/1168699
SUSE Bug 1168699

SUSE-SU-2020:0968-1

Описание

Список пакетов

Container suse/ltss/sle12.5/sles12sp5:latest

Container suse/sles12sp5:latest

Image SLES12-SP5-Azure-BYOS

Image SLES12-SP5-Azure-Basic-On-Demand

Image SLES12-SP5-Azure-HPC-BYOS

Image SLES12-SP5-Azure-HPC-On-Demand

Image SLES12-SP5-Azure-SAP-BYOS

Image SLES12-SP5-Azure-SAP-On-Demand

Image SLES12-SP5-Azure-Standard-On-Demand

Image SLES12-SP5-EC2-BYOS

Image SLES12-SP5-EC2-ECS-On-Demand

Image SLES12-SP5-EC2-On-Demand

Image SLES12-SP5-EC2-SAP-BYOS

Image SLES12-SP5-EC2-SAP-On-Demand

Image SLES12-SP5-GCE-BYOS

Image SLES12-SP5-GCE-On-Demand

Image SLES12-SP5-GCE-SAP-BYOS

Image SLES12-SP5-GCE-SAP-On-Demand

Image SLES12-SP5-OCI-BYOS-BYOS

Image SLES12-SP5-OCI-BYOS-SAP-BYOS

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP5

SUSE Linux Enterprise Software Development Kit 12 SP5

Ссылки

Уязвимость: CVE-2020-1730

Описание

Затронутые продукты

Ссылки