Security update for libssh2_org SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2019:1059-1 Final 1 1 2019-04-27T07:44:04Z current 2019-04-27T07:44:04Z 2019-04-27T07:44:04Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libssh2_org This update for libssh2_org fixes the following issues: - Incorrect upstream fix for CVE-2019-3859 broke public key authentication [bsc#1133528, bsc#1130103] The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/sles/15.2/virt-handler:0.38.1-2019-1059,Container suse/sles/15.2/virt-launcher:0.38.1-2019-1059,Container suse/sles/15.3/libguestfs-tools:0.45.0-2019-1059,Container suse/sles/15.3/virt-handler:0.45.0-2019-1059,Container suse/sles/15.3/virt-launcher:0.45.0-2019-1059,Container suse/sles/15.4/libguestfs-tools:0.49.0-2019-1059,Container suse/sles/15.4/virt-handler:0.49.0-2019-1059,Container suse/sles/15.4/virt-launcher:0.49.0-2019-1059,Container suse/sles/15.5/libguestfs-tools:0.58.0-2019-1059,Container suse/sles/15.5/virt-launcher:0.58.0-2019-1059,Image SLES15-SP3-EC2-HVM-2019-1059,Image SLES15-SP3-SAP-Azure-2019-1059,Image SLES15-SP3-SAP-EC2-HVM-2019-1059,Image SLES15-SP3-SAP-GCE-2019-1059,Image SLES15-SP4-SAP-Hardened-EC2-2019-1059,Image SLES15-SP5-SAP-Azure-2019-1059,Image SLES15-SP5-SAP-EC2-2019-1059,Image SLES15-SP5-SAP-GCE-2019-1059,Image SLES15-SP5-SAP-Hardened-EC2-2019-1059,SUSE-2019-1059,SUSE-SLE-Module-Basesystem-15-2019-1059 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2019/suse-su-20191059-1/ Link for SUSE-SU-2019:1059-1 https://lists.suse.com/pipermail/sle-security-updates/2019-April/005378.html E-Mail link for SUSE-SU-2019:1059-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1130103 SUSE Bug 1130103 https://bugzilla.suse.com/1133528 SUSE Bug 1133528 https://www.suse.com/security/cve/CVE-2019-3859/ SUSE CVE CVE-2019-3859 page Container suse/sles/15.2/virt-handler:0.38.1 Container suse/sles/15.2/virt-launcher:0.38.1 Container suse/sles/15.3/libguestfs-tools:0.45.0 Container suse/sles/15.3/virt-handler:0.45.0 Container suse/sles/15.3/virt-launcher:0.45.0 Container suse/sles/15.4/libguestfs-tools:0.49.0 Container suse/sles/15.4/virt-handler:0.49.0 Container suse/sles/15.4/virt-launcher:0.49.0 Container suse/sles/15.5/libguestfs-tools:0.58.0 Container suse/sles/15.5/virt-launcher:0.58.0 Image SLES15-SP3-EC2-HVM Image SLES15-SP3-SAP-Azure Image SLES15-SP3-SAP-EC2-HVM Image SLES15-SP3-SAP-GCE Image SLES15-SP4-SAP-Hardened-EC2 Image SLES15-SP5-SAP-Azure Image SLES15-SP5-SAP-EC2 Image SLES15-SP5-SAP-GCE Image SLES15-SP5-SAP-Hardened-EC2 SUSE Linux Enterprise Module for Basesystem 15 libssh2-1-1.8.0-4.6.1 libssh2-1-32bit-1.8.0-4.6.1 libssh2-1-64bit-1.8.0-4.6.1 libssh2-devel-1.8.0-4.6.1 libssh2-1-1.8.0-4.6.1 as a component of Container suse/sles/15.2/virt-handler:0.38.1 libssh2-1-1.8.0-4.6.1 as a component of Container suse/sles/15.2/virt-launcher:0.38.1 libssh2-1-1.8.0-4.6.1 as a component of Container suse/sles/15.3/libguestfs-tools:0.45.0 libssh2-1-1.8.0-4.6.1 as a component of Container suse/sles/15.3/virt-handler:0.45.0 libssh2-1-1.8.0-4.6.1 as a component of Container suse/sles/15.3/virt-launcher:0.45.0 libssh2-1-1.8.0-4.6.1 as a component of Container suse/sles/15.4/libguestfs-tools:0.49.0 libssh2-1-1.8.0-4.6.1 as a component of Container suse/sles/15.4/virt-handler:0.49.0 libssh2-1-1.8.0-4.6.1 as a component of Container suse/sles/15.4/virt-launcher:0.49.0 libssh2-1-1.8.0-4.6.1 as a component of Container suse/sles/15.5/libguestfs-tools:0.58.0 libssh2-1-1.8.0-4.6.1 as a component of Container suse/sles/15.5/virt-launcher:0.58.0 libssh2-1-1.8.0-4.6.1 as a component of Image SLES15-SP3-EC2-HVM libssh2-1-1.8.0-4.6.1 as a component of Image SLES15-SP3-SAP-Azure libssh2-1-1.8.0-4.6.1 as a component of Image SLES15-SP3-SAP-EC2-HVM libssh2-1-1.8.0-4.6.1 as a component of Image SLES15-SP3-SAP-GCE libssh2-1-1.8.0-4.6.1 as a component of Image SLES15-SP4-SAP-Hardened-EC2 libssh2-1-1.8.0-4.6.1 as a component of Image SLES15-SP5-SAP-Azure libssh2-1-1.8.0-4.6.1 as a component of Image SLES15-SP5-SAP-EC2 libssh2-1-1.8.0-4.6.1 as a component of Image SLES15-SP5-SAP-GCE libssh2-1-1.8.0-4.6.1 as a component of Image SLES15-SP5-SAP-Hardened-EC2 libssh2-1-1.8.0-4.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 libssh2-devel-1.8.0-4.6.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. CVE-2019-3859 Container suse/sles/15.2/virt-handler:0.38.1:libssh2-1-1.8.0-4.6.1 Container suse/sles/15.2/virt-launcher:0.38.1:libssh2-1-1.8.0-4.6.1 Container suse/sles/15.3/libguestfs-tools:0.45.0:libssh2-1-1.8.0-4.6.1 Container suse/sles/15.3/virt-handler:0.45.0:libssh2-1-1.8.0-4.6.1 Container suse/sles/15.3/virt-launcher:0.45.0:libssh2-1-1.8.0-4.6.1 Container suse/sles/15.4/libguestfs-tools:0.49.0:libssh2-1-1.8.0-4.6.1 Container suse/sles/15.4/virt-handler:0.49.0:libssh2-1-1.8.0-4.6.1 Container suse/sles/15.4/virt-launcher:0.49.0:libssh2-1-1.8.0-4.6.1 Container suse/sles/15.5/libguestfs-tools:0.58.0:libssh2-1-1.8.0-4.6.1 Container suse/sles/15.5/virt-launcher:0.58.0:libssh2-1-1.8.0-4.6.1 Image SLES15-SP3-EC2-HVM:libssh2-1-1.8.0-4.6.1 Image SLES15-SP3-SAP-Azure:libssh2-1-1.8.0-4.6.1 Image SLES15-SP3-SAP-EC2-HVM:libssh2-1-1.8.0-4.6.1 Image SLES15-SP3-SAP-GCE:libssh2-1-1.8.0-4.6.1 Image SLES15-SP4-SAP-Hardened-EC2:libssh2-1-1.8.0-4.6.1 Image SLES15-SP5-SAP-Azure:libssh2-1-1.8.0-4.6.1 Image SLES15-SP5-SAP-EC2:libssh2-1-1.8.0-4.6.1 Image SLES15-SP5-SAP-GCE:libssh2-1-1.8.0-4.6.1 Image SLES15-SP5-SAP-Hardened-EC2:libssh2-1-1.8.0-4.6.1 SUSE Linux Enterprise Module for Basesystem 15:libssh2-1-1.8.0-4.6.1 SUSE Linux Enterprise Module for Basesystem 15:libssh2-devel-1.8.0-4.6.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20191059-1/ https://www.suse.com/security/cve/CVE-2019-3859.html CVE-2019-3859 https://bugzilla.suse.com/1128480 SUSE Bug 1128480 https://bugzilla.suse.com/1130103 SUSE Bug 1130103 https://bugzilla.suse.com/1135434 SUSE Bug 1135434