Security update for libssh2_org SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2019:0655-1 Final 1 1 2019-03-20T09:31:34Z current 2019-03-20T09:31:34Z 2019-03-20T09:31:34Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libssh2_org This update for libssh2_org fixes the following issues: Security issues fixed: - CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490). - CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492). - CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP packets (bsc#1128481). - CVE-2019-3863: Fixed an Integer overflow in user authenticate keyboard interactive which could allow out-of-bounds writes with specially crafted keyboard responses (bsc#1128493). - CVE-2019-3856: Fixed a potential Integer overflow in keyboard interactive handling which could allow out-of-bounds write with specially crafted payload (bsc#1128472). - CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev (bsc#1128480). - CVE-2019-3855: Fixed a potential Integer overflow in transport read which could allow out-of-bounds write with specially crafted payload (bsc#1128471). - CVE-2019-3858: Fixed a potential zero-byte allocation which could lead to an out-of-bounds read with a specially crafted SFTP packet (bsc#1128476). - CVE-2019-3857: Fixed a potential Integer overflow which could lead to zero-byte allocation and out-of-bounds with specially crafted message channel request SSH packet (bsc#1128474). Other issue addressed: - Libbssh2 will stop using keys unsupported types in the known_hosts file (bsc#1091236). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container caasp/v4/nginx-ingress-controller:beta1-2019-655,Container suse/sles12sp3:latest-2019-655,SUSE-2019-655,SUSE-OpenStack-Cloud-7-2019-655,SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-655,SUSE-SLE-DESKTOP-12-SP3-2019-655,SUSE-SLE-DESKTOP-12-SP4-2019-655,SUSE-SLE-SAP-12-SP1-2019-655,SUSE-SLE-SAP-12-SP2-2019-655,SUSE-SLE-SDK-12-SP3-2019-655,SUSE-SLE-SDK-12-SP4-2019-655,SUSE-SLE-SERVER-12-2019-655,SUSE-SLE-SERVER-12-SP1-2019-655,SUSE-SLE-SERVER-12-SP2-2019-655,SUSE-SLE-SERVER-12-SP2-BCL-2019-655,SUSE-SLE-SERVER-12-SP3-2019-655,SUSE-SLE-SERVER-12-SP4-2019-655,SUSE-Storage-4-2019-655 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2019/suse-su-20190655-1/ Link for SUSE-SU-2019:0655-1 https://lists.suse.com/pipermail/sle-security-updates/2019-March/005210.html E-Mail link for SUSE-SU-2019:0655-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1091236 SUSE Bug 1091236 https://bugzilla.suse.com/1128471 SUSE Bug 1128471 https://bugzilla.suse.com/1128472 SUSE Bug 1128472 https://bugzilla.suse.com/1128474 SUSE Bug 1128474 https://bugzilla.suse.com/1128476 SUSE Bug 1128476 https://bugzilla.suse.com/1128480 SUSE Bug 1128480 https://bugzilla.suse.com/1128481 SUSE Bug 1128481 https://bugzilla.suse.com/1128490 SUSE Bug 1128490 https://bugzilla.suse.com/1128492 SUSE Bug 1128492 https://bugzilla.suse.com/1128493 SUSE Bug 1128493 https://www.suse.com/security/cve/CVE-2019-3855/ SUSE CVE CVE-2019-3855 page https://www.suse.com/security/cve/CVE-2019-3856/ SUSE CVE CVE-2019-3856 page https://www.suse.com/security/cve/CVE-2019-3857/ SUSE CVE CVE-2019-3857 page https://www.suse.com/security/cve/CVE-2019-3858/ SUSE CVE CVE-2019-3858 page https://www.suse.com/security/cve/CVE-2019-3859/ SUSE CVE CVE-2019-3859 page https://www.suse.com/security/cve/CVE-2019-3860/ SUSE CVE CVE-2019-3860 page https://www.suse.com/security/cve/CVE-2019-3861/ SUSE CVE CVE-2019-3861 page https://www.suse.com/security/cve/CVE-2019-3862/ SUSE CVE CVE-2019-3862 page https://www.suse.com/security/cve/CVE-2019-3863/ SUSE CVE CVE-2019-3863 page Container caasp/v4/nginx-ingress-controller:beta1 Container suse/sles12sp3:latest SUSE Enterprise Storage 4 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Software Development Kit 12 SP3 SUSE Linux Enterprise Software Development Kit 12 SP4 SUSE OpenStack Cloud 7 libssh2-1-1.4.3-20.3.1 libssh2-1-32bit-1.4.3-20.3.1 libssh2-1-64bit-1.4.3-20.3.1 libssh2-devel-1.4.3-20.3.1 libssh2-1-1.4.3-20.3.1 as a component of Container caasp/v4/nginx-ingress-controller:beta1 libssh2-1-1.4.3-20.3.1 as a component of Container suse/sles12sp3:latest libssh2-1-1.4.3-20.3.1 as a component of SUSE Enterprise Storage 4 libssh2-1-32bit-1.4.3-20.3.1 as a component of SUSE Enterprise Storage 4 libssh2-1-1.4.3-20.3.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 libssh2-1-32bit-1.4.3-20.3.1 as a component of SUSE Linux Enterprise Desktop 12 SP3 libssh2-1-1.4.3-20.3.1 as a component of SUSE Linux Enterprise Desktop 12 SP4 libssh2-1-32bit-1.4.3-20.3.1 as a component of SUSE Linux Enterprise Desktop 12 SP4 libssh2-1-1.4.3-20.3.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS libssh2-1-32bit-1.4.3-20.3.1 as a component of SUSE Linux Enterprise Server 12 SP1-LTSS libssh2-1-1.4.3-20.3.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL libssh2-1-32bit-1.4.3-20.3.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL libssh2-1-1.4.3-20.3.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS libssh2-1-32bit-1.4.3-20.3.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS libssh2-1-1.4.3-20.3.1 as a component of SUSE Linux Enterprise Server 12 SP3 libssh2-1-32bit-1.4.3-20.3.1 as a component of SUSE Linux Enterprise Server 12 SP3 libssh2-1-1.4.3-20.3.1 as a component of SUSE Linux Enterprise Server 12 SP4 libssh2-1-32bit-1.4.3-20.3.1 as a component of SUSE Linux Enterprise Server 12 SP4 libssh2-1-1.4.3-20.3.1 as a component of SUSE Linux Enterprise Server 12-LTSS libssh2-1-32bit-1.4.3-20.3.1 as a component of SUSE Linux Enterprise Server 12-LTSS libssh2-1-1.4.3-20.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 libssh2-1-32bit-1.4.3-20.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 libssh2-1-1.4.3-20.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 libssh2-1-32bit-1.4.3-20.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 libssh2-1-1.4.3-20.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 libssh2-1-32bit-1.4.3-20.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 libssh2-1-1.4.3-20.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 libssh2-1-32bit-1.4.3-20.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 libssh2-devel-1.4.3-20.3.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP3 libssh2-devel-1.4.3-20.3.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP4 libssh2-1-1.4.3-20.3.1 as a component of SUSE OpenStack Cloud 7 libssh2-1-32bit-1.4.3-20.3.1 as a component of SUSE OpenStack Cloud 7 An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. CVE-2019-3855 Container caasp/v4/nginx-ingress-controller:beta1:libssh2-1-1.4.3-20.3.1 Container suse/sles12sp3:latest:libssh2-1-1.4.3-20.3.1 SUSE Enterprise Storage 4:libssh2-1-1.4.3-20.3.1 SUSE Enterprise Storage 4:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Desktop 12 SP3:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Desktop 12 SP3:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Desktop 12 SP4:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Desktop 12 SP4:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP1-LTSS:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP1-LTSS:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP2-BCL:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP2-BCL:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP2-LTSS:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP2-LTSS:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP3:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP3:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP4:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP4:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12-LTSS:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12-LTSS:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libssh2-devel-1.4.3-20.3.1 SUSE Linux Enterprise Software Development Kit 12 SP4:libssh2-devel-1.4.3-20.3.1 SUSE OpenStack Cloud 7:libssh2-1-1.4.3-20.3.1 SUSE OpenStack Cloud 7:libssh2-1-32bit-1.4.3-20.3.1 moderate 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C 3.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20190655-1/ https://www.suse.com/security/cve/CVE-2019-3855.html CVE-2019-3855 https://bugzilla.suse.com/1128471 SUSE Bug 1128471 https://bugzilla.suse.com/1134329 SUSE Bug 1134329 https://bugzilla.suse.com/1135434 SUSE Bug 1135434 https://bugzilla.suse.com/1141850 SUSE Bug 1141850 An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. CVE-2019-3856 Container caasp/v4/nginx-ingress-controller:beta1:libssh2-1-1.4.3-20.3.1 Container suse/sles12sp3:latest:libssh2-1-1.4.3-20.3.1 SUSE Enterprise Storage 4:libssh2-1-1.4.3-20.3.1 SUSE Enterprise Storage 4:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Desktop 12 SP3:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Desktop 12 SP3:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Desktop 12 SP4:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Desktop 12 SP4:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP1-LTSS:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP1-LTSS:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP2-BCL:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP2-BCL:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP2-LTSS:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP2-LTSS:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP3:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP3:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP4:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP4:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12-LTSS:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12-LTSS:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libssh2-devel-1.4.3-20.3.1 SUSE Linux Enterprise Software Development Kit 12 SP4:libssh2-devel-1.4.3-20.3.1 SUSE OpenStack Cloud 7:libssh2-1-1.4.3-20.3.1 SUSE OpenStack Cloud 7:libssh2-1-32bit-1.4.3-20.3.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 3.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20190655-1/ https://www.suse.com/security/cve/CVE-2019-3856.html CVE-2019-3856 https://bugzilla.suse.com/1128472 SUSE Bug 1128472 https://bugzilla.suse.com/1135434 SUSE Bug 1135434 An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. CVE-2019-3857 Container caasp/v4/nginx-ingress-controller:beta1:libssh2-1-1.4.3-20.3.1 Container suse/sles12sp3:latest:libssh2-1-1.4.3-20.3.1 SUSE Enterprise Storage 4:libssh2-1-1.4.3-20.3.1 SUSE Enterprise Storage 4:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Desktop 12 SP3:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Desktop 12 SP3:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Desktop 12 SP4:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Desktop 12 SP4:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP1-LTSS:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP1-LTSS:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP2-BCL:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP2-BCL:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP2-LTSS:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP2-LTSS:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP3:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP3:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP4:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP4:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12-LTSS:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12-LTSS:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libssh2-devel-1.4.3-20.3.1 SUSE Linux Enterprise Software Development Kit 12 SP4:libssh2-devel-1.4.3-20.3.1 SUSE OpenStack Cloud 7:libssh2-1-1.4.3-20.3.1 SUSE OpenStack Cloud 7:libssh2-1-32bit-1.4.3-20.3.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 3.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20190655-1/ https://www.suse.com/security/cve/CVE-2019-3857.html CVE-2019-3857 https://bugzilla.suse.com/1128474 SUSE Bug 1128474 https://bugzilla.suse.com/1135434 SUSE Bug 1135434 An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. CVE-2019-3858 Container caasp/v4/nginx-ingress-controller:beta1:libssh2-1-1.4.3-20.3.1 Container suse/sles12sp3:latest:libssh2-1-1.4.3-20.3.1 SUSE Enterprise Storage 4:libssh2-1-1.4.3-20.3.1 SUSE Enterprise Storage 4:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Desktop 12 SP3:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Desktop 12 SP3:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Desktop 12 SP4:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Desktop 12 SP4:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP1-LTSS:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP1-LTSS:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP2-BCL:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP2-BCL:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP2-LTSS:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP2-LTSS:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP3:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP3:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP4:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP4:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12-LTSS:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12-LTSS:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libssh2-devel-1.4.3-20.3.1 SUSE Linux Enterprise Software Development Kit 12 SP4:libssh2-devel-1.4.3-20.3.1 SUSE OpenStack Cloud 7:libssh2-1-1.4.3-20.3.1 SUSE OpenStack Cloud 7:libssh2-1-32bit-1.4.3-20.3.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P 4.6 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20190655-1/ https://www.suse.com/security/cve/CVE-2019-3858.html CVE-2019-3858 https://bugzilla.suse.com/1128476 SUSE Bug 1128476 https://bugzilla.suse.com/1135434 SUSE Bug 1135434 An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. CVE-2019-3859 Container caasp/v4/nginx-ingress-controller:beta1:libssh2-1-1.4.3-20.3.1 Container suse/sles12sp3:latest:libssh2-1-1.4.3-20.3.1 SUSE Enterprise Storage 4:libssh2-1-1.4.3-20.3.1 SUSE Enterprise Storage 4:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Desktop 12 SP3:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Desktop 12 SP3:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Desktop 12 SP4:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Desktop 12 SP4:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP1-LTSS:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP1-LTSS:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP2-BCL:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP2-BCL:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP2-LTSS:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP2-LTSS:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP3:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP3:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP4:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP4:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12-LTSS:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12-LTSS:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libssh2-devel-1.4.3-20.3.1 SUSE Linux Enterprise Software Development Kit 12 SP4:libssh2-devel-1.4.3-20.3.1 SUSE OpenStack Cloud 7:libssh2-1-1.4.3-20.3.1 SUSE OpenStack Cloud 7:libssh2-1-32bit-1.4.3-20.3.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P 3.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20190655-1/ https://www.suse.com/security/cve/CVE-2019-3859.html CVE-2019-3859 https://bugzilla.suse.com/1128480 SUSE Bug 1128480 https://bugzilla.suse.com/1130103 SUSE Bug 1130103 https://bugzilla.suse.com/1135434 SUSE Bug 1135434 An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. CVE-2019-3860 Container caasp/v4/nginx-ingress-controller:beta1:libssh2-1-1.4.3-20.3.1 Container suse/sles12sp3:latest:libssh2-1-1.4.3-20.3.1 SUSE Enterprise Storage 4:libssh2-1-1.4.3-20.3.1 SUSE Enterprise Storage 4:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Desktop 12 SP3:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Desktop 12 SP3:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Desktop 12 SP4:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Desktop 12 SP4:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP1-LTSS:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP1-LTSS:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP2-BCL:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP2-BCL:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP2-LTSS:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP2-LTSS:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP3:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP3:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP4:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP4:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12-LTSS:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12-LTSS:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libssh2-devel-1.4.3-20.3.1 SUSE Linux Enterprise Software Development Kit 12 SP4:libssh2-devel-1.4.3-20.3.1 SUSE OpenStack Cloud 7:libssh2-1-1.4.3-20.3.1 SUSE OpenStack Cloud 7:libssh2-1-32bit-1.4.3-20.3.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P 3.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20190655-1/ https://www.suse.com/security/cve/CVE-2019-3860.html CVE-2019-3860 https://bugzilla.suse.com/1128481 SUSE Bug 1128481 https://bugzilla.suse.com/1135434 SUSE Bug 1135434 https://bugzilla.suse.com/1136570 SUSE Bug 1136570 An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. CVE-2019-3861 Container caasp/v4/nginx-ingress-controller:beta1:libssh2-1-1.4.3-20.3.1 Container suse/sles12sp3:latest:libssh2-1-1.4.3-20.3.1 SUSE Enterprise Storage 4:libssh2-1-1.4.3-20.3.1 SUSE Enterprise Storage 4:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Desktop 12 SP3:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Desktop 12 SP3:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Desktop 12 SP4:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Desktop 12 SP4:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP1-LTSS:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP1-LTSS:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP2-BCL:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP2-BCL:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP2-LTSS:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP2-LTSS:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP3:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP3:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP4:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP4:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12-LTSS:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12-LTSS:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libssh2-devel-1.4.3-20.3.1 SUSE Linux Enterprise Software Development Kit 12 SP4:libssh2-devel-1.4.3-20.3.1 SUSE OpenStack Cloud 7:libssh2-1-1.4.3-20.3.1 SUSE OpenStack Cloud 7:libssh2-1-32bit-1.4.3-20.3.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P 3.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20190655-1/ https://www.suse.com/security/cve/CVE-2019-3861.html CVE-2019-3861 https://bugzilla.suse.com/1128490 SUSE Bug 1128490 https://bugzilla.suse.com/1135434 SUSE Bug 1135434 An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. CVE-2019-3862 Container caasp/v4/nginx-ingress-controller:beta1:libssh2-1-1.4.3-20.3.1 Container suse/sles12sp3:latest:libssh2-1-1.4.3-20.3.1 SUSE Enterprise Storage 4:libssh2-1-1.4.3-20.3.1 SUSE Enterprise Storage 4:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Desktop 12 SP3:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Desktop 12 SP3:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Desktop 12 SP4:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Desktop 12 SP4:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP1-LTSS:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP1-LTSS:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP2-BCL:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP2-BCL:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP2-LTSS:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP2-LTSS:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP3:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP3:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP4:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP4:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12-LTSS:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12-LTSS:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libssh2-devel-1.4.3-20.3.1 SUSE Linux Enterprise Software Development Kit 12 SP4:libssh2-devel-1.4.3-20.3.1 SUSE OpenStack Cloud 7:libssh2-1-1.4.3-20.3.1 SUSE OpenStack Cloud 7:libssh2-1-32bit-1.4.3-20.3.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P 3.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20190655-1/ https://www.suse.com/security/cve/CVE-2019-3862.html CVE-2019-3862 https://bugzilla.suse.com/1128492 SUSE Bug 1128492 https://bugzilla.suse.com/1135434 SUSE Bug 1135434 A flaw was found in libssh2 before 1.8.1 creating a vulnerability on the SSH client side. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used by the SSH client as an index to copy memory causing in an out of bounds memory write error. CVE-2019-3863 Container caasp/v4/nginx-ingress-controller:beta1:libssh2-1-1.4.3-20.3.1 Container suse/sles12sp3:latest:libssh2-1-1.4.3-20.3.1 SUSE Enterprise Storage 4:libssh2-1-1.4.3-20.3.1 SUSE Enterprise Storage 4:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Desktop 12 SP3:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Desktop 12 SP3:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Desktop 12 SP4:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Desktop 12 SP4:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP1-LTSS:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP1-LTSS:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP2-BCL:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP2-BCL:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP2-LTSS:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP2-LTSS:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP3:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP3:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP4:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12 SP4:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server 12-LTSS:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server 12-LTSS:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libssh2-1-1.4.3-20.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:libssh2-1-32bit-1.4.3-20.3.1 SUSE Linux Enterprise Software Development Kit 12 SP3:libssh2-devel-1.4.3-20.3.1 SUSE Linux Enterprise Software Development Kit 12 SP4:libssh2-devel-1.4.3-20.3.1 SUSE OpenStack Cloud 7:libssh2-1-1.4.3-20.3.1 SUSE OpenStack Cloud 7:libssh2-1-32bit-1.4.3-20.3.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 3.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20190655-1/ https://www.suse.com/security/cve/CVE-2019-3863.html CVE-2019-3863 https://bugzilla.suse.com/1128493 SUSE Bug 1128493 https://bugzilla.suse.com/1130103 SUSE Bug 1130103 https://bugzilla.suse.com/1135434 SUSE Bug 1135434