Security update for nmap SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2019:2425-2 Final 1 1 2020-07-08T07:53:05Z current 2020-07-08T07:53:05Z 2020-07-08T07:53:05Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for nmap This update for nmap fixes the following issues: Security issue fixed: - CVE-2017-18594: Fixed a denial of service condition due to a double free when an SSH connection fails. (bsc#1148742) Non-security issue fixed: - Fixed a regression in the version scanner caused, by the fix for CVE-2018-15173. (bsc#1135350) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2019-2425,SUSE-SLE-Module-Basesystem-15-SP2-2020-1874,SUSE-SLE-Module-Packagehub-Subpackages-15-SP1-2020-1874,SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2020-1874 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2019/suse-su-20192425-2/ Link for SUSE-SU-2019:2425-2 https://lists.suse.com/pipermail/sle-security-updates/2020-July/007102.html E-Mail link for SUSE-SU-2019:2425-2 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1135350 SUSE Bug 1135350 https://bugzilla.suse.com/1148742 SUSE Bug 1148742 https://www.suse.com/security/cve/CVE-2017-18594/ SUSE CVE CVE-2017-18594 page https://www.suse.com/security/cve/CVE-2018-15173/ SUSE CVE CVE-2018-15173 page SUSE Linux Enterprise Module for Basesystem 15 SP2 SUSE Linux Enterprise Module for Package Hub 15 SP1 SUSE Linux Enterprise Module for Package Hub 15 SP2 ncat-7.70-3.12.1 ndiff-7.70-3.12.1 nmap-7.70-3.12.1 nping-7.70-3.12.1 zenmap-7.70-3.12.1 nmap-7.70-3.12.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP2 nping-7.70-3.12.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP1 nping-7.70-3.12.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP2 nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse. CVE-2017-18594 SUSE Linux Enterprise Module for Basesystem 15 SP2:nmap-7.70-3.12.1 SUSE Linux Enterprise Module for Package Hub 15 SP1:nping-7.70-3.12.1 SUSE Linux Enterprise Module for Package Hub 15 SP2:nping-7.70-3.12.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20192425-2/ https://www.suse.com/security/cve/CVE-2017-18594.html CVE-2017-18594 https://bugzilla.suse.com/1148742 SUSE Bug 1148742 Nmap through 7.70, when the -sV option is used, allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted TCP-based service. CVE-2018-15173 SUSE Linux Enterprise Module for Basesystem 15 SP2:nmap-7.70-3.12.1 SUSE Linux Enterprise Module for Package Hub 15 SP1:nping-7.70-3.12.1 SUSE Linux Enterprise Module for Package Hub 15 SP2:nping-7.70-3.12.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20192425-2/ https://www.suse.com/security/cve/CVE-2018-15173.html CVE-2018-15173 https://bugzilla.suse.com/1104139 SUSE Bug 1104139