Oval Definition:oval:org.opensuse.security:def:63879
Revision Date:2020-12-01
Version:1
Title:Security update for libssh2_org (Moderate)
Description:

This update for libssh2_org fixes the following issues:

Security issues fixed:

- CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490).
- CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492).
- CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP packets (bsc#1128481).
- CVE-2019-3863: Fixed an Integer overflow in user authenticate keyboard interactive which could allow out-of-bounds writes with specially crafted keyboard responses (bsc#1128493).
- CVE-2019-3856: Fixed a potential Integer overflow in keyboard interactive handling which could allow out-of-bounds write with specially crafted payload (bsc#1128472).
- CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev (bsc#1128480).
- CVE-2019-3855: Fixed a potential Integer overflow in transport read which could allow out-of-bounds write with specially crafted payload (bsc#1128471).
- CVE-2019-3858: Fixed a potential zero-byte allocation which could lead to an out-of-bounds read with a specially crafted SFTP packet (bsc#1128476).
- CVE-2019-3857: Fixed a potential Integer overflow which could lead to zero-byte allocation and out-of-bounds with specially crafted message channel request SSH packet (bsc#1128474).

Other issue addressed:

- libssh2 will stop using keys of unsupported types in the known_hosts file (bsc#1091236).
Family:unix
Class:patch
Status:
Reference(s):1084631
1086186
1086227
1086228
1090519
1090840
1091236
1104841
1106878
1107592
1107594
1108404
1115758
1115774
1115795
1128471
1128472
1128474
1128476
1128480
1128481
1128490
1128492
1128493
1129528
1132665
1137990
1142281
1149429
1151186
1153423
1153869
1154738
1155321
1156318
1159329
1161719
1163809
1165528
1166238
1166751
1169658
1173027
1173538
1174538
1174662
1177158
CVE-2017-7418
CVE-2018-1000667
CVE-2018-10016
CVE-2018-10254
CVE-2018-10316
CVE-2018-16382
CVE-2018-16517
CVE-2018-16999
CVE-2018-19214
CVE-2018-19215
CVE-2018-19216
CVE-2018-8881
CVE-2018-8882
CVE-2018-8883
CVE-2019-11757
CVE-2019-11758
CVE-2019-11759
CVE-2019-11760
CVE-2019-11761
CVE-2019-11762
CVE-2019-11763
CVE-2019-11764
CVE-2019-12815
CVE-2019-15903
CVE-2019-20503
CVE-2019-3855
CVE-2019-3856
CVE-2019-3857
CVE-2019-3858
CVE-2019-3859
CVE-2019-3860
CVE-2019-3861
CVE-2019-3862
CVE-2019-3863
CVE-2019-8625
CVE-2019-8710
CVE-2019-8720
CVE-2019-8743
CVE-2019-8764
CVE-2019-8766
CVE-2019-8769
CVE-2019-8771
CVE-2019-8782
CVE-2019-8783
CVE-2019-8808
CVE-2019-8811
CVE-2019-8812
CVE-2019-8813
CVE-2019-8814
CVE-2019-8815
CVE-2019-8816
CVE-2019-8819
CVE-2019-8820
CVE-2019-8823
CVE-2019-8835
CVE-2019-8844
CVE-2019-8846
CVE-2020-0556
CVE-2020-10018
CVE-2020-11793
CVE-2020-14355
CVE-2020-15652
CVE-2020-15659
CVE-2020-3862
CVE-2020-3864
CVE-2020-3865
CVE-2020-3867
CVE-2020-3868
CVE-2020-6463
CVE-2020-6514
CVE-2020-6805
CVE-2020-6806
CVE-2020-6807
CVE-2020-6811
CVE-2020-6812
CVE-2020-6814
CVE-2020-8177
CVE-2020-9862
CVE-2020-9893
CVE-2020-9894
CVE-2020-9895
CVE-2020-9915
CVE-2020-9925
openSUSE-SU-2019:1836-1
openSUSE-SU-2019:2451-1
openSUSE-SU-2020:0479-1
openSUSE-SU-2020:0954-1
openSUSE-SU-2020:1205-1
SUSE-SU-2019:0655-1
SUSE-SU-2020:0717-1
SUSE-SU-2020:1135-1
SUSE-SU-2020:1735-1
SUSE-SU-2020:3084-1
Platform(s):openSUSE Leap 15.1
openSUSE Leap 15.2
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP4-ESPOS
SUSE Linux Enterprise Server 12 SP4-LTSS
Product(s):
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
      • proftpd-1.3.5e-lp151.3.3 is installed
      • OR proftpd-devel-1.3.5e-lp151.3.3 is installed
      • OR proftpd-doc-1.3.5e-lp151.3.3 is installed
      • OR proftpd-lang-1.3.5e-lp151.3.3 is installed
      • OR proftpd-ldap-1.3.5e-lp151.3.3 is installed
      • OR proftpd-mysql-1.3.5e-lp151.3.3 is installed
      • OR proftpd-pgsql-1.3.5e-lp151.3.3 is installed
      • OR proftpd-radius-1.3.5e-lp151.3.3 is installed
      • OR proftpd-sqlite-1.3.5e-lp151.3.3 is installed
Definition Synopsis
  • openSUSE Leap 15.2 is installed
  • AND Package Information
      • MozillaThunderbird-68.11.0-lp152.2.7 is installed
      • OR MozillaThunderbird-translations-common-68.11.0-lp152.2.7 is installed
      • OR MozillaThunderbird-translations-other-68.11.0-lp152.2.7 is installed
Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
      • libssh2-1-1.4.3-20.3 is installed
      • OR libssh2-1-32bit-1.4.3-20.3 is installed
      • OR libssh2_org-1.4.3-20.3 is installed
Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4-ESPOS is installed
  • AND Package Information
      • libjavascriptcoregtk-4_0-18-2.28.4-2.59 is installed
      • OR libwebkit2gtk-4_0-37-2.28.4-2.59 is installed
      • OR libwebkit2gtk3-lang-2.28.4-2.59 is installed
      • OR typelib-1_0-JavaScriptCore-4_0-2.28.4-2.59 is installed
      • OR typelib-1_0-WebKit2-4_0-2.28.4-2.59 is installed
      • OR typelib-1_0-WebKit2WebExtension-4_0-2.28.4-2.59 is installed
      • OR webkit2gtk-4_0-injected-bundles-2.28.4-2.59 is installed
      • OR webkit2gtk3-2.28.4-2.59 is installed
Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4-LTSS is installed
  • AND Package Information
      • libspice-server1-0.12.8-15 is installed
      • OR spice-0.12.8-15 is installed