openSUSE-SU-2020:0510-1

Опубликовано: 12 апр. 2020

Источник: suse-cvrf

Описание

Security update for libssh

This update for libssh fixes the following issues:

CVE-2020-1730: Fixed a possible denial of service when using AES-CTR (bsc#1168699).

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Список пакетов

openSUSE Leap 15.1

libssh-devel-0.8.7-lp151.2.12.1

libssh4-0.8.7-lp151.2.12.1

libssh4-32bit-0.8.7-lp151.2.12.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FX2ZYCDJKC62FZGMUEJVQVEL5OG6CYNN/
E-Mail link for openSUSE-SU-2020:0510-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1168699
SUSE Bug 1168699
https://www.suse.com/security/cve/CVE-2020-1730/
SUSE CVE CVE-2020-1730 page

Описание

A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability.

Затронутые продукты

openSUSE Leap 15.1:libssh-devel-0.8.7-lp151.2.12.1

openSUSE Leap 15.1:libssh4-0.8.7-lp151.2.12.1

openSUSE Leap 15.1:libssh4-32bit-0.8.7-lp151.2.12.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-1730.html
CVE-2020-1730
https://bugzilla.suse.com/1168699
SUSE Bug 1168699

openSUSE-SU-2020:0510-1

Описание

Список пакетов

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2020-1730

Описание

Затронутые продукты

Ссылки