Oval Definition:oval:org.opensuse.security:def:52281
Revision Date:2020-12-01Version:1
Title:Security update for libssh2_org (Moderate)
Description:

This update for libssh2_org fixes the following issues:

- Version update to 1.9.0: [bsc#1178083, jsc#SLE-16922] Enhancements and bugfixes: * adds ECDSA keys and host key support when using OpenSSL * adds ED25519 key and host key support when using OpenSSL 1.1.1 * adds OpenSSH style key file reading * adds AES CTR mode support when using WinCNG * adds PEM passphrase protected file support for Libgcrypt and WinCNG * adds SHA256 hostkey fingerprint * adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path() * adds explicit zeroing of sensitive data in memory * adds additional bounds checks to network buffer reads * adds the ability to use the server default permissions when creating sftp directories * adds support for building with OpenSSL no engine flag * adds support for building with LibreSSL * increased sftp packet size to 256k * fixed oversized packet handling in sftp * fixed building with OpenSSL 1.1 * fixed a possible crash if sftp stat gets an unexpected response * fixed incorrect parsing of the KEX preference string value * fixed conditional RSA and AES-CTR support * fixed a small memory leak during the key exchange process * fixed a possible memory leak of the ssh banner string * fixed various small memory leaks in the backends * fixed possible out of bounds read when parsing public keys from the server * fixed possible out of bounds read when parsing invalid PEM files * no longer null terminates the scp remote exec command * now handle errors when diffie hellman key pair generation fails * improved building instructions * improved unit tests

- Version update to 1.8.2: [bsc#1130103] Bug fixes: * Fixed the misapplied userauth patch that broke 1.8.1 * moved the MAX size declarations from the public header
Family:unixClass:patch
Status:Reference(s):1046303
1046305
1046306
1046307
1046540
1046542
1046543
1048129
1050242
1050252
1050529
1050536
1050538
1050545
1050549
1050662
1051510
1052766
1055968
1056427
1056643
1056651
1056653
1056657
1056658
1056662
1056686
1056787
1058115
1058513
1058659
1058717
1060463
1061024
1061840
1062897
1064802
1065600
1066110
1066129
1068032
1068054
1071218
1071995
1072829
1072856
1073513
1073765
1073960
1074562
1074578
1074701
1074741
1074873
1074919
1075006
1075007
1075262
1075419
1075748
1075876
1076049
1076115
1076372
1076830
1077338
1078248
1078353
1079152
1079747
1080039
1080542
1081599
1082485
1082504
1082869
1082962
1083647
1083900
1084001
1084570
1085308
1085539
1085626
1085933
1085936
1085937
1085938
1085939
1085941
1086282
1086283
1086286
1086288
1086319
1086323
1086400
1086652
1086739
1087078
1087082
1087084
1087092
1087205
1087210
1087213
1087214
1087284
1087405
1087458
1087939
1087978
1088354
1088690
1088704
1088722
1088796
1088804
1088821
1088866
1089115
1089268
1089467
1089608
1089663
1089664
1089667
1089669
1089752
1089753
1089878
1090150
1090457
1090605
1090643
1090646
1090658
1090734
1090888
1090953
1091158
1091171
1091424
1091594
1091666
1091678
1091686
1091781
1091782
1091815
1091860
1091960
1092100
1092472
1092710
1092772
1092888
1092904
1092975
1093023
1093027
1093035
1093118
1093148
1093158
1093184
1093205
1093273
1093290
1093604
1093641
1093649
1093653
1093655
1093657
1093663
1093721
1093728
1093904
1093990
1094244
1094356
1094420
1094541
1094575
1094751
1094825
1094840
1094912
1094978
1095042
1095094
1095115
1095155
1095265
1095321
1095337
1095467
1095573
1095735
1095893
1096065
1096480
1096529
1096696
1096705
1096728
1096753
1096790
1096793
1097034
1097105
1097234
1097356
1097373
1097439
1097465
1097468
1097470
1097471
1097472
1097551
1097780
1097796
1097800
1097941
1097961
1098016
1098043
1098050
1098174
1098176
1098236
1098401
1098425
1098435
1098599
1098626
1098706
1098983
1098995
1099029
1099041
1099109
1099142
1099183
1099715
1099792
1099918
1099924
1099966
1100132
1100209
1100340
1100362
1100382
1100394
1100416
1100418
1100491
1100602
1100633
1100843
1101296
1101315
1101324
1130103
1130694
1133267
1135824
1159670
1162117
1166751
1166844
1166916
1172004
1172442
1172443
1175987
1176024
1176294
1176397
1177867
1177895
1178083
1178319
1178361
1178362
1178485
971975
975772
CVE-2006-7250
CVE-2008-1227
CVE-2009-0590
CVE-2009-0591
CVE-2009-0789
CVE-2009-1377
CVE-2009-1378
CVE-2009-1379
CVE-2009-1386
CVE-2009-1387
CVE-2009-1892
CVE-2009-3245
CVE-2009-3555
CVE-2009-4355
CVE-2009-5146
CVE-2010-0740
CVE-2010-2156
CVE-2010-2939
CVE-2010-3611
CVE-2010-3616
CVE-2010-3864
CVE-2010-4180
CVE-2010-4252
CVE-2011-0014
CVE-2011-0413
CVE-2011-0460
CVE-2011-0997
CVE-2011-1709
CVE-2011-2748
CVE-2011-2749
CVE-2011-3210
CVE-2011-4108
CVE-2011-4109
CVE-2011-4354
CVE-2011-4405
CVE-2011-4539
CVE-2011-4576
CVE-2011-4577
CVE-2011-4619
CVE-2011-4868
CVE-2011-5095
CVE-2012-0050
CVE-2012-0884
CVE-2012-1165
CVE-2012-2110
CVE-2012-2131
CVE-2012-2333
CVE-2012-3570
CVE-2012-3571
CVE-2012-3954
CVE-2012-3955
CVE-2012-4929
CVE-2013-0166
CVE-2013-0169
CVE-2013-2266
CVE-2013-6487
CVE-2014-0076
CVE-2014-0221
CVE-2014-0224
CVE-2014-3470
CVE-2014-3505
CVE-2014-3506
CVE-2014-3507
CVE-2014-3508
CVE-2014-3510
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568
CVE-2014-3570
CVE-2014-3571
CVE-2014-3572
CVE-2014-3775
CVE-2014-8275
CVE-2015-0204
CVE-2015-0205
CVE-2015-0209
CVE-2015-0286
CVE-2015-0287
CVE-2015-0288
CVE-2015-0289
CVE-2015-0292
CVE-2015-0293
CVE-2015-1788
CVE-2015-1789
CVE-2015-1790
CVE-2015-1791
CVE-2015-1792
CVE-2015-3195
CVE-2015-3197
CVE-2015-3216
CVE-2015-4000
CVE-2015-8605
CVE-2016-0702
CVE-2016-0797
CVE-2016-0799
CVE-2016-0800
CVE-2016-2105
CVE-2016-2106
CVE-2016-2108
CVE-2016-2109
CVE-2016-2177
CVE-2016-2178
CVE-2016-2179
CVE-2016-2181
CVE-2016-2182
CVE-2016-2183
CVE-2016-5759
CVE-2016-6302
CVE-2016-6303
CVE-2016-6304
CVE-2016-6306
CVE-2017-5715
CVE-2017-5753
CVE-2017-5838
CVE-2018-1000200
CVE-2018-1000204
CVE-2018-10087
CVE-2018-10124
CVE-2018-1092
CVE-2018-1093
CVE-2018-1094
CVE-2018-1118
CVE-2018-1120
CVE-2018-1130
CVE-2018-12233
CVE-2018-13053
CVE-2018-13405
CVE-2018-13406
CVE-2018-18511
CVE-2018-3639
CVE-2018-5803
CVE-2018-5848
CVE-2018-7492
CVE-2018-8781
CVE-2018-9385
CVE-2019-11691
CVE-2019-11692
CVE-2019-11693
CVE-2019-11694
CVE-2019-11698
CVE-2019-17498
CVE-2019-3855
CVE-2019-3856
CVE-2019-3857
CVE-2019-3858
CVE-2019-3859
CVE-2019-3860
CVE-2019-3861
CVE-2019-3862
CVE-2019-3863
CVE-2019-5798
CVE-2019-7317
CVE-2019-9797
CVE-2019-9800
CVE-2019-9815
CVE-2019-9816
CVE-2019-9817
CVE-2019-9818
CVE-2019-9819
CVE-2019-9820
CVE-2020-0556
CVE-2020-10531
CVE-2020-11080
CVE-2020-12693
CVE-2020-16846
CVE-2020-17490
CVE-2020-25592
CVE-2020-27153
CVE-2020-7598
CVE-2020-8174
SUSE-SU-2018:2092-1
SUSE-SU-2019:1458-1
SUSE-SU-2020:1568-1
SUSE-SU-2020:3034-1
SUSE-SU-2020:3244-1
Platform(s):openSUSE Leap 15.0
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Workstation Extension 15
SUSE Linux Enterprise Workstation Extension 15 SP1
SUSE Linux Enterprise Workstation Extension 15 SP2
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • aaa_base-84.87+git20180409.04c9dae-lp150.1 is installed
  • OR aaa_base-extras-84.87+git20180409.04c9dae-lp150.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP2 is installed
  • AND libssh2-0.2-5.18 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • ImageMagick-6.4.3.6-7.30 is installed
  • OR libMagick++1-6.4.3.6-7.30 is installed
  • OR libMagickCore1-6.4.3.6-7.30 is installed
  • OR libMagickCore1-32bit-6.4.3.6-7.30 is installed
  • OR libMagickWand1-6.4.3.6-7.30 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP4 is installed
  • AND Package Information
  • java-1_7_0-openjdk-1.7.0.85-0.11 is installed
  • OR java-1_7_0-openjdk-demo-1.7.0.85-0.11 is installed
  • OR java-1_7_0-openjdk-devel-1.7.0.85-0.11 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND libgadu3-1.11.4-1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND Package Information
  • libsilc-1_1-2-1.1.10-24 is installed
  • OR libsilcclient-1_1-3-1.1.10-24 is installed
  • OR silc-toolkit-1.1.10-24 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND Package Information
  • gdm-3.10.0.1-52 is installed
  • OR gdm-lang-3.10.0.1-52 is installed
  • OR gdmflexiserver-3.10.0.1-52 is installed
  • OR libgdm1-3.10.0.1-52 is installed
  • OR typelib-1_0-Gdm-1_0-3.10.0.1-52 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • dhcp-4.3.3-9 is installed
  • OR dhcp-client-4.3.3-9 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND Package Information
  • gstreamer-1.8.3-9 is installed
  • OR gstreamer-lang-1.8.3-9 is installed
  • OR gstreamer-utils-1.8.3-9 is installed
  • OR libgstreamer-1_0-0-1.8.3-9 is installed
  • OR libgstreamer-1_0-0-32bit-1.8.3-9 is installed
  • OR typelib-1_0-Gst-1_0-1.8.3-9 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed
  • AND Package Information
  • libssh2-1-32bit-1.9.0-4.13 is installed
  • OR libssh2_org-1.9.0-4.13 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed
  • AND Package Information
  • libpmi0_20_02-20.02.3-3.8 is installed
  • OR perl-slurm_20_02-20.02.3-3.8 is installed
  • OR slurm_20_02-20.02.3-3.8 is installed
  • OR slurm_20_02-auth-none-20.02.3-3.8 is installed
  • OR slurm_20_02-config-20.02.3-3.8 is installed
  • OR slurm_20_02-config-man-20.02.3-3.8 is installed
  • OR slurm_20_02-cray-20.02.3-3.8 is installed
  • OR slurm_20_02-devel-20.02.3-3.8 is installed
  • OR slurm_20_02-doc-20.02.3-3.8 is installed
  • OR slurm_20_02-hdf5-20.02.3-3.8 is installed
  • OR slurm_20_02-lua-20.02.3-3.8 is installed
  • OR slurm_20_02-munge-20.02.3-3.8 is installed
  • OR slurm_20_02-node-20.02.3-3.8 is installed
  • OR slurm_20_02-openlava-20.02.3-3.8 is installed
  • OR slurm_20_02-pam_slurm-20.02.3-3.8 is installed
  • OR slurm_20_02-plugins-20.02.3-3.8 is installed
  • OR slurm_20_02-rest-20.02.3-3.8 is installed
  • OR slurm_20_02-seff-20.02.3-3.8 is installed
  • OR slurm_20_02-sjstat-20.02.3-3.8 is installed
  • OR slurm_20_02-slurmdbd-20.02.3-3.8 is installed
  • OR slurm_20_02-sql-20.02.3-3.8 is installed
  • OR slurm_20_02-sview-20.02.3-3.8 is installed
  • OR slurm_20_02-torque-20.02.3-3.8 is installed
  • OR slurm_20_02-webdoc-20.02.3-3.8 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • libruby2_1-2_1-2.1.2-9 is installed
  • OR ruby2.1-2.1.2-9 is installed
  • OR ruby2.1-stdlib-2.1.2-9 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_62-60_64_8-default-10-2 is installed
  • OR kgraft-patch-3_12_62-60_64_8-xen-10-2 is installed
  • OR kgraft-patch-SLE12-SP1_Update_8-10-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • libpcsclite1-1.8.10-3 is installed
  • OR pcsc-lite-1.8.10-3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • glibc-2.22-62.13 is installed
  • OR glibc-32bit-2.22-62.13 is installed
  • OR glibc-devel-2.22-62.13 is installed
  • OR glibc-devel-32bit-2.22-62.13 is installed
  • OR glibc-html-2.22-62.13 is installed
  • OR glibc-i18ndata-2.22-62.13 is installed
  • OR glibc-info-2.22-62.13 is installed
  • OR glibc-locale-2.22-62.13 is installed
  • OR glibc-locale-32bit-2.22-62.13 is installed
  • OR glibc-profile-2.22-62.13 is installed
  • OR glibc-profile-32bit-2.22-62.13 is installed
  • OR nscd-2.22-62.13 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • ntp-4.2.8p11-64.5 is installed
  • OR ntp-doc-4.2.8p11-64.5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • ntp-4.2.8p11-64.5 is installed
  • OR ntp-doc-4.2.8p11-64.5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND dnsmasq-2.76-17 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • MozillaFirefox-68.3.0-109.98 is installed
  • OR MozillaFirefox-translations-common-68.3.0-109.98 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • glibc-2.22-62.22 is installed
  • OR glibc-32bit-2.22-62.22 is installed
  • OR glibc-devel-2.22-62.22 is installed
  • OR glibc-devel-32bit-2.22-62.22 is installed
  • OR glibc-html-2.22-62.22 is installed
  • OR glibc-i18ndata-2.22-62.22 is installed
  • OR glibc-info-2.22-62.22 is installed
  • OR glibc-locale-2.22-62.22 is installed
  • OR glibc-locale-32bit-2.22-62.22 is installed
  • OR glibc-profile-2.22-62.22 is installed
  • OR glibc-profile-32bit-2.22-62.22 is installed
  • OR nscd-2.22-62.22 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • kernel-default-4.4.180-94.103 is installed
  • OR kernel-default-base-4.4.180-94.103 is installed
  • OR kernel-default-devel-4.4.180-94.103 is installed
  • OR kernel-default-man-4.4.180-94.103 is installed
  • OR kernel-devel-4.4.180-94.103 is installed
  • OR kernel-macros-4.4.180-94.103 is installed
  • OR kernel-source-4.4.180-94.103 is installed
  • OR kernel-syms-4.4.180-94.103 is installed
  • OR kgraft-patch-4_4_180-94_103-default-1-4.3 is installed
  • OR kgraft-patch-SLE12-SP3_Update_28-1-4.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • libpython3_4m1_0-3.4.6-25.16 is installed
  • OR python3-3.4.6-25.16 is installed
  • OR python3-base-3.4.6-25.16 is installed
  • OR python3-curses-3.4.6-25.16 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • libXxf86vm1-1.1.3-3 is installed
  • OR libXxf86vm1-32bit-1.1.3-3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server for SAP Applications 15 is installed
  • AND Package Information
  • nodejs10-10.21.0-1.21 is installed
  • OR nodejs10-devel-10.21.0-1.21 is installed
  • OR nodejs10-docs-10.21.0-1.21 is installed
  • OR npm10-10.21.0-1.21 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 is installed
  • AND Package Information
  • kernel-default-4.12.14-25.3 is installed
  • OR kernel-default-extra-4.12.14-25.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 SP1 is installed
  • AND Package Information
  • MozillaThunderbird-60.7.0-3.33 is installed
  • OR MozillaThunderbird-translations-common-60.7.0-3.33 is installed
  • OR MozillaThunderbird-translations-other-60.7.0-3.33 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 SP2 is installed
  • AND Package Information
  • bluez-5.48-13.3 is installed
  • OR bluez-cups-5.48-13.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • xen-4.7.6_04-43.39 is installed
  • OR xen-doc-html-4.7.6_04-43.39 is installed
  • OR xen-libs-4.7.6_04-43.39 is installed
  • OR xen-libs-32bit-4.7.6_04-43.39 is installed
  • OR xen-tools-4.7.6_04-43.39 is installed
  • OR xen-tools-domU-4.7.6_04-43.39 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND cobbler-2.6.6-49.14 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • glibc-2.22-62.22 is installed
  • OR glibc-32bit-2.22-62.22 is installed
  • OR glibc-devel-2.22-62.22 is installed
  • OR glibc-devel-32bit-2.22-62.22 is installed
  • OR glibc-html-2.22-62.22 is installed
  • OR glibc-i18ndata-2.22-62.22 is installed
  • OR glibc-info-2.22-62.22 is installed
  • OR glibc-locale-2.22-62.22 is installed
  • OR glibc-locale-32bit-2.22-62.22 is installed
  • OR glibc-profile-2.22-62.22 is installed
  • OR glibc-profile-32bit-2.22-62.22 is installed
  • OR nscd-2.22-62.22 is installed
    • BACK