Security update for libssh2_org SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:2129-1 Final 1 1 2020-12-01T05:25:38Z current 2020-12-01T05:25:38Z 2020-12-01T05:25:38Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libssh2_org This update for libssh2_org fixes the following issues: - Version update to 1.9.0: [bsc#1178083, jsc#SLE-16922] Enhancements and bugfixes: * adds ECDSA keys and host key support when using OpenSSL * adds ED25519 key and host key support when using OpenSSL 1.1.1 * adds OpenSSH style key file reading * adds AES CTR mode support when using WinCNG * adds PEM passphrase protected file support for Libgcrypt and WinCNG * adds SHA256 hostkey fingerprint * adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path() * adds explicit zeroing of sensitive data in memory * adds additional bounds checks to network buffer reads * adds the ability to use the server default permissions when creating sftp directories * adds support for building with OpenSSL no engine flag * adds support for building with LibreSSL * increased sftp packet size to 256k * fixed oversized packet handling in sftp * fixed building with OpenSSL 1.1 * fixed a possible crash if sftp stat gets an unexpected response * fixed incorrect parsing of the KEX preference string value * fixed conditional RSA and AES-CTR support * fixed a small memory leak during the key exchange process * fixed a possible memory leak of the ssh banner string * fixed various small memory leaks in the backends * fixed possible out of bounds read when parsing public keys from the server * fixed possible out of bounds read when parsing invalid PEM files * no longer null terminates the scp remote exec command * now handle errors when diffie hellman key pair generation fails * improved building instructions * improved unit tests - Version update to 1.8.2: [bsc#1130103] Bug fixes: * Fixed the misapplied userauth patch that broke 1.8.1 * moved the MAX size declarations from the public header This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-2129 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HAQH2P56QS5PVJGYRATVMCCAWSF5JABQ/ E-Mail link for openSUSE-SU-2020:2129-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1130103 SUSE Bug 1130103 https://bugzilla.suse.com/1178083 SUSE Bug 1178083 https://www.suse.com/security/cve/CVE-2019-17498/ SUSE CVE CVE-2019-17498 page https://www.suse.com/security/cve/CVE-2019-3855/ SUSE CVE CVE-2019-3855 page https://www.suse.com/security/cve/CVE-2019-3856/ SUSE CVE CVE-2019-3856 page https://www.suse.com/security/cve/CVE-2019-3857/ SUSE CVE CVE-2019-3857 page https://www.suse.com/security/cve/CVE-2019-3858/ SUSE CVE CVE-2019-3858 page https://www.suse.com/security/cve/CVE-2019-3859/ SUSE CVE CVE-2019-3859 page https://www.suse.com/security/cve/CVE-2019-3860/ SUSE CVE CVE-2019-3860 page https://www.suse.com/security/cve/CVE-2019-3861/ SUSE CVE CVE-2019-3861 page https://www.suse.com/security/cve/CVE-2019-3862/ SUSE CVE CVE-2019-3862 page https://www.suse.com/security/cve/CVE-2019-3863/ SUSE CVE CVE-2019-3863 page openSUSE Leap 15.2 libssh2-1-1.9.0-lp152.8.3.1 libssh2-1-32bit-1.9.0-lp152.8.3.1 libssh2-devel-1.9.0-lp152.8.3.1 libssh2-1-1.9.0-lp152.8.3.1 as a component of openSUSE Leap 15.2 libssh2-1-32bit-1.9.0-lp152.8.3.1 as a component of openSUSE Leap 15.2 libssh2-devel-1.9.0-lp152.8.3.1 as a component of openSUSE Leap 15.2 In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. CVE-2019-17498 openSUSE Leap 15.2:libssh2-1-1.9.0-lp152.8.3.1 openSUSE Leap 15.2:libssh2-1-32bit-1.9.0-lp152.8.3.1 openSUSE Leap 15.2:libssh2-devel-1.9.0-lp152.8.3.1 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HAQH2P56QS5PVJGYRATVMCCAWSF5JABQ/ https://www.suse.com/security/cve/CVE-2019-17498.html CVE-2019-17498 https://bugzilla.suse.com/1154862 SUSE Bug 1154862 https://bugzilla.suse.com/1171566 SUSE Bug 1171566 An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. CVE-2019-3855 openSUSE Leap 15.2:libssh2-1-1.9.0-lp152.8.3.1 openSUSE Leap 15.2:libssh2-1-32bit-1.9.0-lp152.8.3.1 openSUSE Leap 15.2:libssh2-devel-1.9.0-lp152.8.3.1 low 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HAQH2P56QS5PVJGYRATVMCCAWSF5JABQ/ https://www.suse.com/security/cve/CVE-2019-3855.html CVE-2019-3855 https://bugzilla.suse.com/1128471 SUSE Bug 1128471 https://bugzilla.suse.com/1134329 SUSE Bug 1134329 https://bugzilla.suse.com/1135434 SUSE Bug 1135434 https://bugzilla.suse.com/1141850 SUSE Bug 1141850 An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. CVE-2019-3856 openSUSE Leap 15.2:libssh2-1-1.9.0-lp152.8.3.1 openSUSE Leap 15.2:libssh2-1-32bit-1.9.0-lp152.8.3.1 openSUSE Leap 15.2:libssh2-devel-1.9.0-lp152.8.3.1 low 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HAQH2P56QS5PVJGYRATVMCCAWSF5JABQ/ https://www.suse.com/security/cve/CVE-2019-3856.html CVE-2019-3856 https://bugzilla.suse.com/1128472 SUSE Bug 1128472 https://bugzilla.suse.com/1135434 SUSE Bug 1135434 An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. CVE-2019-3857 openSUSE Leap 15.2:libssh2-1-1.9.0-lp152.8.3.1 openSUSE Leap 15.2:libssh2-1-32bit-1.9.0-lp152.8.3.1 openSUSE Leap 15.2:libssh2-devel-1.9.0-lp152.8.3.1 low 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HAQH2P56QS5PVJGYRATVMCCAWSF5JABQ/ https://www.suse.com/security/cve/CVE-2019-3857.html CVE-2019-3857 https://bugzilla.suse.com/1128474 SUSE Bug 1128474 https://bugzilla.suse.com/1135434 SUSE Bug 1135434 An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. CVE-2019-3858 openSUSE Leap 15.2:libssh2-1-1.9.0-lp152.8.3.1 openSUSE Leap 15.2:libssh2-1-32bit-1.9.0-lp152.8.3.1 openSUSE Leap 15.2:libssh2-devel-1.9.0-lp152.8.3.1 moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HAQH2P56QS5PVJGYRATVMCCAWSF5JABQ/ https://www.suse.com/security/cve/CVE-2019-3858.html CVE-2019-3858 https://bugzilla.suse.com/1128476 SUSE Bug 1128476 https://bugzilla.suse.com/1135434 SUSE Bug 1135434 An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. CVE-2019-3859 openSUSE Leap 15.2:libssh2-1-1.9.0-lp152.8.3.1 openSUSE Leap 15.2:libssh2-1-32bit-1.9.0-lp152.8.3.1 openSUSE Leap 15.2:libssh2-devel-1.9.0-lp152.8.3.1 low 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HAQH2P56QS5PVJGYRATVMCCAWSF5JABQ/ https://www.suse.com/security/cve/CVE-2019-3859.html CVE-2019-3859 https://bugzilla.suse.com/1128480 SUSE Bug 1128480 https://bugzilla.suse.com/1130103 SUSE Bug 1130103 https://bugzilla.suse.com/1135434 SUSE Bug 1135434 An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. CVE-2019-3860 openSUSE Leap 15.2:libssh2-1-1.9.0-lp152.8.3.1 openSUSE Leap 15.2:libssh2-1-32bit-1.9.0-lp152.8.3.1 openSUSE Leap 15.2:libssh2-devel-1.9.0-lp152.8.3.1 low 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HAQH2P56QS5PVJGYRATVMCCAWSF5JABQ/ https://www.suse.com/security/cve/CVE-2019-3860.html CVE-2019-3860 https://bugzilla.suse.com/1128481 SUSE Bug 1128481 https://bugzilla.suse.com/1135434 SUSE Bug 1135434 https://bugzilla.suse.com/1136570 SUSE Bug 1136570 An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. CVE-2019-3861 openSUSE Leap 15.2:libssh2-1-1.9.0-lp152.8.3.1 openSUSE Leap 15.2:libssh2-1-32bit-1.9.0-lp152.8.3.1 openSUSE Leap 15.2:libssh2-devel-1.9.0-lp152.8.3.1 low 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HAQH2P56QS5PVJGYRATVMCCAWSF5JABQ/ https://www.suse.com/security/cve/CVE-2019-3861.html CVE-2019-3861 https://bugzilla.suse.com/1128490 SUSE Bug 1128490 https://bugzilla.suse.com/1135434 SUSE Bug 1135434 An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. CVE-2019-3862 openSUSE Leap 15.2:libssh2-1-1.9.0-lp152.8.3.1 openSUSE Leap 15.2:libssh2-1-32bit-1.9.0-lp152.8.3.1 openSUSE Leap 15.2:libssh2-devel-1.9.0-lp152.8.3.1 low 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HAQH2P56QS5PVJGYRATVMCCAWSF5JABQ/ https://www.suse.com/security/cve/CVE-2019-3862.html CVE-2019-3862 https://bugzilla.suse.com/1128492 SUSE Bug 1128492 https://bugzilla.suse.com/1135434 SUSE Bug 1135434 A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error. CVE-2019-3863 openSUSE Leap 15.2:libssh2-1-1.9.0-lp152.8.3.1 openSUSE Leap 15.2:libssh2-1-32bit-1.9.0-lp152.8.3.1 openSUSE Leap 15.2:libssh2-devel-1.9.0-lp152.8.3.1 low 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HAQH2P56QS5PVJGYRATVMCCAWSF5JABQ/ https://www.suse.com/security/cve/CVE-2019-3863.html CVE-2019-3863 https://bugzilla.suse.com/1128493 SUSE Bug 1128493 https://bugzilla.suse.com/1130103 SUSE Bug 1130103 https://bugzilla.suse.com/1135434 SUSE Bug 1135434