Alerts This Week
Warning Icon 1 666
Alerts This Week
Warning Icon 1 666

openSUSE 42.3: 2019:1075-1 Moderate: libssh2_org Multiple Threats

opensuse
Calendar Grey March 28, 2019
Dist Opensuse Esm H88
A major security patch is released for openSUSE to fix vulnerabilities in the libssh2_org package, essential for protecting system integrity and confidentiality
An update that solves 9 vulnerabilities and has one errata is now available.

Description

This update for libssh2_org fixes the following issues:

Security issues fixed:

- CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH

packets (bsc#1128490).

- CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially

crafted message channel request packet (bsc#1128492).

- CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP

packets (bsc#1128481).

- CVE-2019-3863: Fixed an Integer overflow in user authenticate keyboard

interactive which could allow out-of-bounds writes with specially

crafted keyboard responses (bsc#1128493).

- CVE-2019-3856: Fixed a potential Integer overflow in keyboard

interactive handling which could allow out-of-bounds write with

specially crafted payload (bsc#1128472).

- CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads

due to unchecked use of _libssh2_packet_require and

_libssh2_packet_requirev (bsc#1128480).

- CVE-2019-3855:...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory software patch moderate severity multiple threats openSUSE errata libssh2_org

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1075=1

Package List

- openSUSE Leap 42.3 (i586 x86_64):

libssh2-1-1.4.3-19.3.1

libssh2-1-debuginfo-1.4.3-19.3.1

libssh2-devel-1.4.3-19.3.1

libssh2_org-debugsource-1.4.3-19.3.1

- openSUSE Leap 42.3 (x86_64):

libssh2-1-32bit-1.4.3-19.3.1

libssh2-1-debuginfo-32bit-1.4.3-19.3.1

References

https://www.suse.com/security/cve/CVE-2019-3855.html

https://www.suse.com/security/cve/CVE-2019-3856.html

https://www.suse.com/security/cve/CVE-2019-3857.html

https://www.suse.com/security/cve/CVE-2019-3858.html

https://www.suse.com/security/cve/CVE-2019-3859.html

https://www.suse.com/security/cve/CVE-2019-3860.html

https://www.suse.com/security/cve/CVE-2019-3861.html

https://www.suse.com/security/cve/CVE-2019-3862.html

https://www.suse.com/security/cve/CVE-2019-3863.html

https://bugzilla.suse.com/1091236

https://bugzilla.suse.com/1128471

https://bugzilla.suse.com/1128472

https://bugzilla.suse.com/1128474

https://bugzilla.suse.com/1128476

https://bugzilla.suse.com/1128480

https://bugzilla.suse.com/1128481

https://bugzilla.suse.com/1128490

https://bugzilla.suse.com/1128492

https://bugzilla.suse.com/1128493

--

Announcement ID: openSUSE-SU-2019:1075-1
Rating: moderate
Affected Products: openSUSE Leap 42.3 le.

Topics%20covered

Topics Covered

security advisory software patch moderate severity multiple threats openSUSE errata libssh2_org

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here