Security update for libssh2_org SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:0534-1 Final 1 1 2015-03-11T17:26:50Z current 2015-03-11T17:26:50Z 2015-03-11T17:26:50Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libssh2_org libssh2_org was updated to version 1.5.0 to fix bugs and a security issue. Changes in 1.5.0: Added Windows Cryptography API: Next Generation based backend Bug fixes: - Security Advisory: Using `SSH_MSG_KEXINIT` data unbounded, CVE-2015-1782 - missing _libssh2_error in _libssh2_channel_write - knownhost: Fix DSS keys being detected as unknown. - knownhost: Restore behaviour of `libssh2_knownhost_writeline` with short buffer. - libssh2.h: on Windows, a socket is of type SOCKET, not int - libssh2_priv.h: a 1 bit bit-field should be unsigned - windows build: do not export externals from static library - Fixed two potential use-after-frees of the payload buffer - Fixed a few memory leaks in error paths - userauth: Fixed an attempt to free from stack on error - agent_list_identities: Fixed memory leak on OOM - knownhosts: Abort if the hosts buffer is too small - sftp_close_handle: ensure the handle is always closed - channel_close: Close the channel even in the case of errors - docs: added missing libssh2_session_handshake.3 file - docs: fixed a bunch of typos - userauth_password: pass on the underlying error code - _libssh2_channel_forward_cancel: accessed struct after free - _libssh2_packet_add: avoid using uninitialized memory - _libssh2_channel_forward_cancel: avoid memory leaks on error - _libssh2_channel_write: client spins on write when window full - windows build: fix build errors - publickey_packet_receive: avoid junk in returned pointers - channel_receive_window_adjust: store windows size always - userauth_hostbased_fromfile: zero assign to avoid uninitialized use - configure: change LIBS not LDFLAGS when checking for libs - agent_connect_unix: make sure there's a trailing zero - MinGW build: Fixed redefine warnings. - sftpdir.c: added authentication method detection. - Watcom build: added support for WinCNG build. - configure.ac: replace AM_CONFIG_HEADER with AC_CONFIG_HEADERS - sftp_statvfs: fix for servers not supporting statfvs extension - knownhost.c: use LIBSSH2_FREE macro instead of free - Fixed compilation using mingw-w64 - knownhost.c: fixed that 'key_type_len' may be used uninitialized - configure: Display individual crypto backends on separate lines - examples on Windows: check for WSAStartup return code - examples on Windows: check for socket return code - agent.c: check return code of MapViewOfFile - kex.c: fix possible NULL pointer de-reference with session->kex - packet.c: fix possible NULL pointer de-reference within listen_state - tests on Windows: check for WSAStartup return code - userauth.c: improve readability and clarity of for-loops - examples on Windows: use native SOCKET-type instead of int - packet.c: i < 256 was always true and i would overflow to 0 - kex.c: make sure mlist is not set to NULL - session.c: check return value of session_nonblock in debug mode - session.c: check return value of session_nonblock during startup - userauth.c: make sure that sp_len is positive and avoid overflows - knownhost.c: fix use of uninitialized argument variable wrote - openssl: initialise the digest context before calling EVP_DigestInit() - libssh2_agent_init: init ->fd to LIBSSH2_INVALID_SOCKET - configure.ac: Add zlib to Requires.private in libssh2.pc if using zlib - configure.ac: Rework crypto library detection - configure.ac: Reorder --with-* options in --help output - configure.ac: Call zlib zlib and not libz in text but keep option names - Fix non-autotools builds: Always define the LIBSSH2_OPENSSL CPP macro - sftp: seek: Don't flush buffers on same offset - sftp: statvfs: Along error path, reset the correct 'state' variable. - sftp: Add support for fsync (OpenSSH extension). - _libssh2_channel_read: fix data drop when out of window - comp_method_zlib_decomp: Improve buffer growing algorithm - _libssh2_channel_read: Honour window_size_initial - window_size: redid window handling for flow control reasons - knownhosts: handle unknown key types The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-03/msg00057.html E-Mail link for openSUSE-SU-2015:0534-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings libssh2-1-1.5.0-7.4.1 libssh2-1-32bit-1.5.0-7.4.1 libssh2-devel-1.5.0-7.4.1 libssh2_org-1.5.0-7.4.1 The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet. CVE-2015-1782 important Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-03/msg00057.html https://www.suse.com/security/cve/CVE-2015-1782.html CVE-2015-1782 https://bugzilla.suse.com/921070 SUSE Bug 921070