Security update for libssh SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:0510-1 Final 1 1 2020-04-12T12:15:12Z current 2020-04-12T12:15:12Z 2020-04-12T12:15:12Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libssh This update for libssh fixes the following issues: - CVE-2020-1730: Fixed a possible denial of service when using AES-CTR (bsc#1168699). This update was imported from the SUSE:SLE-15-SP1:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-510 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FX2ZYCDJKC62FZGMUEJVQVEL5OG6CYNN/ E-Mail link for openSUSE-SU-2020:0510-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1168699 SUSE Bug 1168699 https://www.suse.com/security/cve/CVE-2020-1730/ SUSE CVE CVE-2020-1730 page openSUSE Leap 15.1 libssh-devel-0.8.7-lp151.2.12.1 libssh4-0.8.7-lp151.2.12.1 libssh4-32bit-0.8.7-lp151.2.12.1 libssh-devel-0.8.7-lp151.2.12.1 as a component of openSUSE Leap 15.1 libssh4-0.8.7-lp151.2.12.1 as a component of openSUSE Leap 15.1 libssh4-32bit-0.8.7-lp151.2.12.1 as a component of openSUSE Leap 15.1 A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability. CVE-2020-1730 openSUSE Leap 15.1:libssh-devel-0.8.7-lp151.2.12.1 openSUSE Leap 15.1:libssh4-0.8.7-lp151.2.12.1 openSUSE Leap 15.1:libssh4-32bit-0.8.7-lp151.2.12.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FX2ZYCDJKC62FZGMUEJVQVEL5OG6CYNN/ https://www.suse.com/security/cve/CVE-2020-1730.html CVE-2020-1730 https://bugzilla.suse.com/1168699 SUSE Bug 1168699