Security update for libssh SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:3162-1 Final 1 1 2018-10-16T12:06:33Z current 2018-10-16T12:06:33Z 2018-10-16T12:06:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libssh This update for libssh fixes the following issues: - CVE-2018-10933: Fixed a server mode authentication bypass (bsc#1108020). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Module-Basesystem-15-2018-2244 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20183162-1/ Link for SUSE-SU-2018:3162-1 https://lists.suse.com/pipermail/sle-security-updates/2018-October/004676.html E-Mail link for SUSE-SU-2018:3162-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1108020 SUSE Bug 1108020 https://www.suse.com/security/cve/CVE-2018-10933/ SUSE CVE CVE-2018-10933 page SUSE Linux Enterprise Module for Basesystem 15 libssh-devel-0.7.5-6.3.1 libssh4-0.7.5-6.3.1 libssh4-32bit-0.7.5-6.3.1 libssh-devel-0.7.5-6.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 libssh4-0.7.5-6.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 libssh4-32bit-0.7.5-6.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access. CVE-2018-10933 SUSE Linux Enterprise Module for Basesystem 15:libssh-devel-0.7.5-6.3.1 SUSE Linux Enterprise Module for Basesystem 15:libssh4-0.7.5-6.3.1 SUSE Linux Enterprise Module for Basesystem 15:libssh4-32bit-0.7.5-6.3.1 critical 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20183162-1/ https://www.suse.com/security/cve/CVE-2018-10933.html CVE-2018-10933 https://bugzilla.suse.com/1108020 SUSE Bug 1108020 https://bugzilla.suse.com/1122198 SUSE Bug 1122198