Oval Definition:	oval:org.opensuse.security:def:50535
Revision Date: 2020-12-01 Version: 1 Title: Security update for libssh2_org (Moderate) Description: This update for libssh2_org fixes the following issues: Security issues fixed: - CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490). - CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492). - CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP packets (bsc#1128481). - CVE-2019-3863: Fixed an Integer overflow in user authenicate keyboard interactive which could allow out-of-bounds writes with specially crafted keyboard responses (bsc#1128493). - CVE-2019-3856: Fixed a potential Integer overflow in keyboard interactive handling which could allow out-of-bounds write with specially crafted payload (bsc#1128472). - CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev (bsc#1128480). - CVE-2019-3855: Fixed a potential Integer overflow in transport read which could allow out-of-bounds write with specially crafted payload (bsc#1128471). - CVE-2019-3858: Fixed a potential zero-byte allocation which could lead to an out-of-bounds read with a specially crafted SFTP packet (bsc#1128476). - CVE-2019-3857: Fixed a potential Integer overflow which could lead to zero-byte allocation and out-of-bounds with specially crafted message channel request SSH packet (bsc#1128474). Family: unix Class: patch Status: Reference(s): 1027519 1047962 1049826 1053177 1065022 1065600 1066382 1091107 1099019 1102261 1103276 1110542 1111319 1112911 1113296 1114592 1114908 1115341 1116840 1118758 1119373 1119820 1119873 1120263 1120463 1120629 1120630 1120631 1121611 1122062 1122471 1123137 1123681 1123843 1123865 1123967 1124729 1124734 1124897 1125415 1126284 1127026 1127155 1127220 1127757 1128378 1128471 1128472 1128474 1128476 1128480 1128481 1128490 1128492 1128493 1130161 1131823 1135254 1135749 1137977 1141897 1142649 1142654 1148517 1149032 1149145 1150011 1154063 1159646 1159913 1160305 1160498 1160682 1163026 1163592 1164648 1165631 1167462 1169511 1170415 1172205 1173376 1173377 1173378 1173380 1175721 1175749 1176354 1176590 1177281 1177766 1177799 1177801 1178166 1178173 1178175 1178176 1178177 1178183 1178184 1178185 1178186 1178190 1178191 1178255 1178307 1178330 1178395 663358 764147 965786 978193 993025 CVE-2018-12232 CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 CVE-2018-3646 CVE-2019-14250 CVE-2019-14822 CVE-2019-15847 CVE-2019-17015 CVE-2019-17016 CVE-2019-17017 CVE-2019-17021 CVE-2019-17022 CVE-2019-17024 CVE-2019-17026 CVE-2019-17571 CVE-2019-20372 CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 CVE-2019-5108 CVE-2019-6974 CVE-2019-7221 CVE-2019-8912 CVE-2019-9213 CVE-2020-0543 CVE-2020-14374 CVE-2020-14375 CVE-2020-14376 CVE-2020-14377 CVE-2020-14378 CVE-2020-15563 CVE-2020-15565 CVE-2020-15566 CVE-2020-15567 CVE-2020-1749 CVE-2020-25656 CVE-2020-25705 CVE-2020-2754 CVE-2020-2755 CVE-2020-2756 CVE-2020-2757 CVE-2020-2767 CVE-2020-2773 CVE-2020-2778 CVE-2020-2781 CVE-2020-2800 CVE-2020-2803 CVE-2020-2805 CVE-2020-2816 CVE-2020-2830 CVE-2020-5208 CVE-2020-8694 SUSE-SU-2018:2409-1 SUSE-SU-2019:2030-1 SUSE-SU-2019:2387-1 SUSE-SU-2019:3061-1 SUSE-SU-2020:0053-1 SUSE-SU-2020:0078-1 SUSE-SU-2020:0348-1 SUSE-SU-2020:0405-1 SUSE-SU-2020:1889-1 SUSE-SU-2020:3273-1 Platform(s): SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Module for Legacy Software 15 SP2 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Live Patching 15 SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Workstation Extension 15 SP1 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information libjasper-1.900.1-134.13 is installed OR libjasper-32bit-1.900.1-134.13 is installed Definition Synopsis SUSE Linux Enterprise Desktop 11 SP4 is installed AND Package Information java-1_7_0-openjdk-1.7.0.95-0.17 is installed OR java-1_7_0-openjdk-demo-1.7.0.95-0.17 is installed OR java-1_7_0-openjdk-devel-1.7.0.95-0.17 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 is installed AND cifs-utils-6.4-3 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information MozillaFirefox-38.4.0esr-51 is installed OR MozillaFirefox-translations-38.4.0esr-51 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information dhcp-4.3.3-9 is installed OR dhcp-client-4.3.3-9 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information gnutls-3.3.27-1 is installed OR libgnutls28-3.3.27-1 is installed OR libgnutls28-32bit-3.3.27-1 is installed Definition Synopsis SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information apparmor-docs-2.8.2-49 is installed OR apparmor-parser-2.8.2-49 is installed OR apparmor-profiles-2.8.2-49 is installed OR apparmor-utils-2.8.2-49 is installed OR libapparmor1-2.8.2-49 is installed OR libapparmor1-32bit-2.8.2-49 is installed OR pam_apparmor-2.8.2-49 is installed OR pam_apparmor-32bit-2.8.2-49 is installed OR perl-apparmor-2.8.2-49 is installed Definition Synopsis SUSE Linux Enterprise Module for Basesystem 15 is installed AND Package Information libssh2-1-1.8.0-4.3 is installed OR libssh2-devel-1.8.0-4.3 is installed OR libssh2_org-1.8.0-4.3 is installed Definition Synopsis SUSE Linux Enterprise Module for Legacy Software 15 SP2 is installed AND Package Information kernel-default-5.3.18-24.37 is installed OR reiserfs-kmp-default-5.3.18-24.37 is installed Definition Synopsis SUSE Linux Enterprise Module for Live Patching 15 is installed AND Package Information kernel-livepatch-4_12_14-25_3-default-8-2 is installed OR kernel-livepatch-SLE15_Update_1-8-2 is installed Definition Synopsis SUSE Linux Enterprise Module for Live Patching 15 SP1 is installed AND Package Information kernel-livepatch-4_12_14-197_4-default-9-2 is installed OR kernel-livepatch-SLE15-SP1_Update_1-9-2 is installed Definition Synopsis SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 is installed AND Package Information MozillaFirefox-68.4.1-3.66 is installed OR MozillaFirefox-branding-upstream-68.4.1-3.66 is installed Definition Synopsis SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed AND Package Information libsolv-0.7.5-3.12 is installed OR libsolv-demo-0.7.5-3.12 is installed OR libyui-ncurses-pkg-2.48.5.2-3.5 is installed OR libyui-ncurses-pkg8-2.48.5.2-3.5 is installed OR libyui-qt-pkg-2.45.15.2-3.5 is installed OR libyui-qt-pkg8-2.45.15.2-3.5 is installed OR libzypp-17.12.0-3.23 is installed OR libzypp-devel-doc-17.12.0-3.23 is installed OR python-solv-0.7.5-3.12 is installed OR zypper-1.14.28-3.18 is installed OR zypper-aptitude-1.14.28-3.18 is installed Definition Synopsis SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed AND Package Information dpdk-18.11.9-4.12 is installed OR libdpdk-18_11-18.11.9-4.12 is installed Definition Synopsis SUSE Linux Enterprise Module for Server Applications 15 is installed AND Package Information xen-4.10.1_08-3.6 is installed OR xen-devel-4.10.1_08-3.6 is installed OR xen-tools-4.10.1_08-3.6 is installed Definition Synopsis SUSE Linux Enterprise Module for Server Applications 15 SP1 is installed AND Package Information xen-4.12.3_04-3.22 is installed OR xen-devel-4.12.3_04-3.22 is installed OR xen-tools-4.12.3_04-3.22 is installed Definition Synopsis SUSE Linux Enterprise Module for Server Applications 15 SP2 is installed AND Package Information graphviz-addons-2.40.1-6.3 is installed OR graphviz-tcl-2.40.1-6.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information bash-4.2-75 is installed OR bash-doc-4.2-75 is installed OR libreadline6-6.2-75 is installed OR libreadline6-32bit-6.2-75 is installed OR readline-doc-6.2-75 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND sudo-1.8.10p3-2.16 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND apache-commons-httpclient-3.1-4 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information xen-4.7.5_04-43.33 is installed OR xen-doc-html-4.7.5_04-43.33 is installed OR xen-libs-4.7.5_04-43.33 is installed OR xen-libs-32bit-4.7.5_04-43.33 is installed OR xen-tools-4.7.5_04-43.33 is installed OR xen-tools-domU-4.7.5_04-43.33 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND ucode-intel-20180807-13.29 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_74-92_38-default-9-2 is installed OR kgraft-patch-SLE12-SP2_Update_13-9-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information bind-9.9.9P1-62 is installed OR bind-chrootenv-9.9.9P1-62 is installed OR bind-doc-9.9.9P1-62 is installed OR bind-libs-9.9.9P1-62 is installed OR bind-libs-32bit-9.9.9P1-62 is installed OR bind-utils-9.9.9P1-62 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information java-1_8_0-ibm-1.8.0_sr5.40-30.54 is installed OR java-1_8_0-ibm-alsa-1.8.0_sr5.40-30.54 is installed OR java-1_8_0-ibm-plugin-1.8.0_sr5.40-30.54 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information ghostscript-9.27-23.31 is installed OR ghostscript-x11-9.27-23.31 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information libsolv-0.6.36-2.27.19 is installed OR libsolv-tools-0.6.36-2.27.19 is installed OR libzypp-16.20.2-27.60 is installed OR perl-solv-0.6.36-2.27.19 is installed OR python-solv-0.6.36-2.27.19 is installed OR zypper-1.13.54-18.40 is installed OR zypper-log-1.13.54-18.40 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information libjavascriptcoregtk-4_0-18-2.22.4-2.29 is installed OR libwebkit2gtk-4_0-37-2.22.4-2.29 is installed OR typelib-1_0-JavaScriptCore-4_0-2.22.4-2.29 is installed OR typelib-1_0-WebKit2-4_0-2.22.4-2.29 is installed OR webkit2gtk-4_0-injected-bundles-2.22.4-2.29 is installed OR webkit2gtk3-2.22.4-2.29 is installed Definition Synopsis SUSE Linux Enterprise Server 15-LTSS is installed AND Package Information libunbound2-1.6.8-3.6 is installed OR unbound-1.6.8-3.6 is installed OR unbound-anchor-1.6.8-3.6 is installed OR unbound-devel-1.6.8-3.6 is installed Definition Synopsis SUSE Linux Enterprise Server for SAP Applications 15 is installed AND Package Information xen-4.10.4_12-3.35 is installed OR xen-devel-4.10.4_12-3.35 is installed OR xen-libs-4.10.4_12-3.35 is installed OR xen-tools-4.10.4_12-3.35 is installed OR xen-tools-domU-4.10.4_12-3.35 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 15 SP1 is installed AND Package Information kernel-default-4.12.14-197.26 is installed OR kernel-default-extra-4.12.14-197.26 is installed Definition Synopsis SUSE OpenStack Cloud 6 is installed AND Package Information openstack-glance-11.0.2~a0~dev2-1 is installed OR python-glance-11.0.2~a0~dev2-1 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND Package Information MozillaFirefox-52.9.0esr-109.38 is installed OR MozillaFirefox-devel-52.9.0esr-109.38 is installed OR MozillaFirefox-translations-52.9.0esr-109.38 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information grafana-4.5.1-4.3 is installed OR kafka-0.9.0.1-5.3 is installed OR logstash-2.4.1-5.4 is installed OR openstack-monasca-installer-20180622_15.06-3.6 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information libmariadb3-3.0.3-3.3 is installed OR mariadb-10.2.15-4.3 is installed OR mariadb-client-10.2.15-4.3 is installed OR mariadb-connector-c-3.0.3-3.3 is installed OR mariadb-errormessages-10.2.15-4.3 is installed OR mariadb-galera-10.2.15-4.3 is installed OR mariadb-tools-10.2.15-4.3 is installed OR xtrabackup-2.4.10-4.3 is installed
BACK