Oval Definition:	oval:org.opensuse.security:def:58236
Revision Date: 2020-12-01 Version: 1 Title: Security update for libssh2_org (Moderate) Description: This update for libssh2_org fixes the following issues: Security issues fixed: - CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490). - CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492). - CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP packets (bsc#1128481). - CVE-2019-3863: Fixed an Integer overflow in user authenticate keyboard interactive which could allow out-of-bounds writes with specially crafted keyboard responses (bsc#1128493). - CVE-2019-3856: Fixed a potential Integer overflow in keyboard interactive handling which could allow out-of-bounds write with specially crafted payload (bsc#1128472). - CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev (bsc#1128480). - CVE-2019-3855: Fixed a potential Integer overflow in transport read which could allow out-of-bounds write with specially crafted payload (bsc#1128471). - CVE-2019-3858: Fixed a potential zero-byte allocation which could lead to an out-of-bounds read with a specially crafted SFTP packet (bsc#1128476). - CVE-2019-3857: Fixed a potential Integer overflow which could lead to zero-byte allocation and out-of-bounds with specially crafted message channel request SSH packet (bsc#1128474). Other issue addressed: - Libbssh2 will stop using keys unsupported types in the known_hosts file (bsc#1091236). Family: unix Class: patch Status: Reference(s): 1009085 1014437 1014441 1014442 1015332 1027282 1027712 1032309 1041090 1042670 1056421 1056562 1056621 1056622 1057511 1073269 1073748 1078326 1078485 1081741 1081750 1084650 1086001 1091236 1097356 1104205 1104668 1109209 1128471 1128472 1128474 1128476 1128480 1128481 1128490 1128492 1128493 1133114 1133145 1144903 1149792 1153108 1153158 1153161 1153830 1154212 1155094 1155419 1158442 1159035 1160471 1162202 1162224 1162367 1162825 1165894 1170411 1170441 1171561 1172515 1173144 1176315 945401 CVE-2016-0705 CVE-2016-10507 CVE-2016-2123 CVE-2016-2125 CVE-2016-2126 CVE-2016-9586 CVE-2017-14039 CVE-2017-14040 CVE-2017-14041 CVE-2017-14164 CVE-2017-3732 CVE-2017-3736 CVE-2017-7407 CVE-2018-1050 CVE-2018-12539 CVE-2018-14526 CVE-2018-1517 CVE-2018-1656 CVE-2018-2940 CVE-2018-2952 CVE-2018-2964 CVE-2018-2973 CVE-2018-5848 CVE-2019-10220 CVE-2019-11365 CVE-2019-11366 CVE-2019-15681 CVE-2019-15690 CVE-2019-17133 CVE-2019-17631 CVE-2019-18348 CVE-2019-18634 CVE-2019-20788 CVE-2019-2933 CVE-2019-2945 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2975 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2996 CVE-2019-2999 CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 CVE-2019-9674 CVE-2020-17507 CVE-2020-8163 CVE-2020-8492 SUSE-SU-2016:3271-1 SUSE-SU-2017:1042-1 SUSE-SU-2017:2649-1 SUSE-SU-2018:0832-1 SUSE-SU-2018:2839-2 SUSE-SU-2019:0655-1 SUSE-SU-2019:2829-1 SUSE-SU-2020:0024-1 SUSE-SU-2020:0407-1 SUSE-SU-2020:1165-1 SUSE-SU-2020:1524-1 SUSE-SU-2020:2140-1 SUSE-SU-2020:2760-1 Platform(s): openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP4-ESPOS SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 Product(s): Definition Synopsis openSUSE Leap 15.0 is installed AND xen-libs-4.10.0_20-lp150.1 is installed Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information dbus-1-1.12.2-lp151.4.3 is installed OR dbus-1-devel-1.12.2-lp151.4.3 is installed OR dbus-1-devel-32bit-1.12.2-lp151.4.3 is installed OR dbus-1-devel-doc-1.12.2-lp151.4.3 is installed OR dbus-1-x11-1.12.2-lp151.4.3 is installed OR libdbus-1-3-1.12.2-lp151.4.3 is installed OR libdbus-1-3-32bit-1.12.2-lp151.4.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information libdcerpc-binding0-4.4.2-31 is installed OR libdcerpc-binding0-32bit-4.4.2-31 is installed OR libdcerpc0-4.4.2-31 is installed OR libdcerpc0-32bit-4.4.2-31 is installed OR libndr-krb5pac0-4.4.2-31 is installed OR libndr-krb5pac0-32bit-4.4.2-31 is installed OR libndr-nbt0-4.4.2-31 is installed OR libndr-nbt0-32bit-4.4.2-31 is installed OR libndr-standard0-4.4.2-31 is installed OR libndr-standard0-32bit-4.4.2-31 is installed OR libndr0-4.4.2-31 is installed OR libndr0-32bit-4.4.2-31 is installed OR libnetapi0-4.4.2-31 is installed OR libnetapi0-32bit-4.4.2-31 is installed OR libsamba-credentials0-4.4.2-31 is installed OR libsamba-credentials0-32bit-4.4.2-31 is installed OR libsamba-errors0-4.4.2-31 is installed OR libsamba-errors0-32bit-4.4.2-31 is installed OR libsamba-hostconfig0-4.4.2-31 is installed OR libsamba-hostconfig0-32bit-4.4.2-31 is installed OR libsamba-passdb0-4.4.2-31 is installed OR libsamba-passdb0-32bit-4.4.2-31 is installed OR libsamba-util0-4.4.2-31 is installed OR libsamba-util0-32bit-4.4.2-31 is installed OR libsamdb0-4.4.2-31 is installed OR libsamdb0-32bit-4.4.2-31 is installed OR libsmbclient0-4.4.2-31 is installed OR libsmbclient0-32bit-4.4.2-31 is installed OR libsmbconf0-4.4.2-31 is installed OR libsmbconf0-32bit-4.4.2-31 is installed OR libsmbldap0-4.4.2-31 is installed OR libsmbldap0-32bit-4.4.2-31 is installed OR libtevent-util0-4.4.2-31 is installed OR libtevent-util0-32bit-4.4.2-31 is installed OR libwbclient0-4.4.2-31 is installed OR libwbclient0-32bit-4.4.2-31 is installed OR samba-4.4.2-31 is installed OR samba-client-4.4.2-31 is installed OR samba-client-32bit-4.4.2-31 is installed OR samba-doc-4.4.2-31 is installed OR samba-libs-4.4.2-31 is installed OR samba-libs-32bit-4.4.2-31 is installed OR samba-winbind-4.4.2-31 is installed OR samba-winbind-32bit-4.4.2-31 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information java-1_8_0-ibm-1.8.0_sr5.20-30.36 is installed OR java-1_8_0-ibm-alsa-1.8.0_sr5.20-30.36 is installed OR java-1_8_0-ibm-devel-1.8.0_sr5.20-30.36 is installed OR java-1_8_0-ibm-plugin-1.8.0_sr5.20-30.36 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information kgraft-patch-4_4_120-92_70-default-9-2 is installed OR kgraft-patch-SLE12-SP2_Update_20-9-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_121-92_98-default-8-2 is installed OR kgraft-patch-SLE12-SP2_Update_26-8-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information libXinerama1-1.1.3-3 is installed OR libXinerama1-32bit-1.1.3-3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information java-1_8_0-openjdk-1.8.0.222-27.35 is installed OR java-1_8_0-openjdk-demo-1.8.0.222-27.35 is installed OR java-1_8_0-openjdk-devel-1.8.0.222-27.35 is installed OR java-1_8_0-openjdk-headless-1.8.0.222-27.35 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information libjavascriptcoregtk-4_0-18-2.28.2-2.53 is installed OR libwebkit2gtk-4_0-37-2.28.2-2.53 is installed OR libwebkit2gtk3-lang-2.28.2-2.53 is installed OR typelib-1_0-JavaScriptCore-4_0-2.28.2-2.53 is installed OR typelib-1_0-WebKit2-4_0-2.28.2-2.53 is installed OR webkit2gtk-4_0-injected-bundles-2.28.2-2.53 is installed OR webkit2gtk3-2.28.2-2.53 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information kgraft-patch-4_4_180-94_97-default-5-2 is installed OR kgraft-patch-SLE12-SP3_Update_26-5-2 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND ucode-intel-20190312-13.38 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information libIlmImf-Imf_2_1-21-2.1.0-6.3 is installed OR openexr-2.1.0-6.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4-ESPOS is installed AND Package Information libfreebl3-3.53.1-58.48 is installed OR libfreebl3-32bit-3.53.1-58.48 is installed OR libfreebl3-hmac-3.53.1-58.48 is installed OR libfreebl3-hmac-32bit-3.53.1-58.48 is installed OR libsoftokn3-3.53.1-58.48 is installed OR libsoftokn3-32bit-3.53.1-58.48 is installed OR libsoftokn3-hmac-3.53.1-58.48 is installed OR libsoftokn3-hmac-32bit-3.53.1-58.48 is installed OR mozilla-nspr-4.25-19.15 is installed OR mozilla-nspr-32bit-4.25-19.15 is installed OR mozilla-nspr-devel-4.25-19.15 is installed OR mozilla-nss-3.53.1-58.48 is installed OR mozilla-nss-32bit-3.53.1-58.48 is installed OR mozilla-nss-certs-3.53.1-58.48 is installed OR mozilla-nss-certs-32bit-3.53.1-58.48 is installed OR mozilla-nss-devel-3.53.1-58.48 is installed OR mozilla-nss-sysinit-3.53.1-58.48 is installed OR mozilla-nss-sysinit-32bit-3.53.1-58.48 is installed OR mozilla-nss-tools-3.53.1-58.48 is installed Definition Synopsis SUSE OpenStack Cloud 7 is installed AND Package Information libssh2-1-1.4.3-20.3 is installed OR libssh2-1-32bit-1.4.3-20.3 is installed OR libssh2_org-1.4.3-20.3 is installed Definition Synopsis SUSE OpenStack Cloud 8 is installed AND Package Information libmysqlclient18-10.0.38-29.27 is installed OR mariadb-10.0.38-29.27 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information perl-5.18.2-12.20 is installed OR perl-32bit-5.18.2-12.20 is installed OR perl-base-5.18.2-12.20 is installed OR perl-doc-5.18.2-12.20 is installed
BACK