Security update for libssh2_org SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2019:14226-1 Final 1 1 2019-11-25T08:12:39Z current 2019-11-25T08:12:39Z 2019-11-25T08:12:39Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libssh2_org This update for libssh2_org fixes the following issue: - CVE-2019-17498: Fixed an integer overflow in a bounds check that might have led to the disclosure of sensitive information or a denial of service (bsc#1154862). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sleposp3-libssh2_org-14226 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2019/suse-su-201914226-1/ Link for SUSE-SU-2019:14226-1 https://www.suse.com/support/update/announcement/2019/suse-su-201914226-1.html E-Mail link for SUSE-SU-2019:14226-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1154862 SUSE Bug 1154862 https://www.suse.com/security/cve/CVE-2019-17498/ SUSE CVE CVE-2019-17498 page SUSE Linux Enterprise Point of Sale 11 SP3 libssh2-1-1.2.9-4.2.12.18.1 libssh2-1-1.2.9-4.2.12.18.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. CVE-2019-17498 SUSE Linux Enterprise Point of Sale 11 SP3:libssh2-1-1.2.9-4.2.12.18.1 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P 5.4 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-201914226-1/ https://www.suse.com/security/cve/CVE-2019-17498.html CVE-2019-17498 https://bugzilla.suse.com/1154862 SUSE Bug 1154862 https://bugzilla.suse.com/1171566 SUSE Bug 1171566