Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

openSUSE Leap 15.1: 2020:2127-1 Important: libcurl Security Patch

opensuse
Calendar Grey November 30, 2020
Dist Opensuse Esm H88
This revision focuses on vulnerabilities for libssh2_org, bolstering defenses against recognized risks.
An update that fixes 10 vulnerabilities is now available

Description

This update for libssh2_org fixes the following issues:

- Version update to 1.9.0: [bsc#1178083, jsc#SLE-16922] Enhancements and

bugfixes:

* adds ECDSA keys and host key support when using OpenSSL

* adds ED25519 key and host key support when using OpenSSL 1.1.1

* adds OpenSSH style key file reading

* adds AES CTR mode support when using WinCNG

* adds PEM passphrase protected file support for Libgcrypt and WinCNG

* adds SHA256 hostkey fingerprint

* adds libssh2_agent_get_identity_path() and

libssh2_agent_set_identity_path()

* adds explicit zeroing of sensitive data in memory

* adds additional bounds checks to network buffer reads

* adds the ability to use the server default permissions when creating

sftp directories

* adds support for building with OpenSSL no engine flag

* adds support for building with LibreSSL

* increased sftp packet size to...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory moderate security update threat threat mitigation patch instruction openSUSE libssh2 patch instructions libssh2_org

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-2126=1

Package List

- openSUSE Leap 15.1 (i586 x86_64):

libssh2-1-1.9.0-lp151.6.6.1

libssh2-1-debuginfo-1.9.0-lp151.6.6.1

libssh2-devel-1.9.0-lp151.6.6.1

libssh2_org-debugsource-1.9.0-lp151.6.6.1

- openSUSE Leap 15.1 (x86_64):

libssh2-1-32bit-1.9.0-lp151.6.6.1

libssh2-1-32bit-debuginfo-1.9.0-lp151.6.6.1

References

https://www.suse.com/security/cve/CVE-2019-17498.html

https://www.suse.com/security/cve/CVE-2019-3855.html

https://www.suse.com/security/cve/CVE-2019-3856.html

https://www.suse.com/security/cve/CVE-2019-3857.html

https://www.suse.com/security/cve/CVE-2019-3858.html

https://www.suse.com/security/cve/CVE-2019-3859.html

https://www.suse.com/security/cve/CVE-2019-3860.html

https://www.suse.com/security/cve/CVE-2019-3861.html

https://www.suse.com/security/cve/CVE-2019-3862.html

https://www.suse.com/security/cve/CVE-2019-3863.html

https://bugzilla.suse.com/1130103

https://bugzilla.suse.com/1178083

openSUSE Security Announce mailing list -- security-announce@lists.opensuse.org

To unsubscribe, email security-announce-leave@lists.opensuse.org

List Netiquette:

List Archives:

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2020:2126-1
Rating: moderate
Affected Products: openSUSE Leap 15.1 .

Topics%20covered

Topics Covered

security advisory moderate security update threat threat mitigation patch instruction openSUSE libssh2 patch instructions libssh2_org

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here