SUSE-SU-2020:3551-1

Source
https://www.suse.com/support/update/announcement/2020/suse-su-20203551-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:3551-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2020:3551-1
Related
Published
2020-11-27T13:54:59Z
Modified
2020-11-27T13:54:59Z
Summary
Security update for libssh2_org
Details

This update for libssh2_org fixes the following issues:

  • Version update to 1.9.0: [bsc#1178083, jsc#SLE-16922] Enhancements and bugfixes:

    • adds ECDSA keys and host key support when using OpenSSL
    • adds ED25519 key and host key support when using OpenSSL 1.1.1
    • adds OpenSSH style key file reading
    • adds AES CTR mode support when using WinCNG
    • adds PEM passphrase protected file support for Libgcrypt and WinCNG
    • adds SHA256 hostkey fingerprint
    • adds libssh2agentgetidentitypath() and libssh2agentsetidentitypath()
    • adds explicit zeroing of sensitive data in memory
    • adds additional bounds checks to network buffer reads
    • adds the ability to use the server default permissions when creating sftp directories
    • adds support for building with OpenSSL no engine flag
    • adds support for building with LibreSSL
    • increased sftp packet size to 256k
    • fixed oversized packet handling in sftp
    • fixed building with OpenSSL 1.1
    • fixed a possible crash if sftp stat gets an unexpected response
    • fixed incorrect parsing of the KEX preference string value
    • fixed conditional RSA and AES-CTR support
    • fixed a small memory leak during the key exchange process
    • fixed a possible memory leak of the ssh banner string
    • fixed various small memory leaks in the backends
    • fixed possible out of bounds read when parsing public keys from the server
    • fixed possible out of bounds read when parsing invalid PEM files
    • no longer null terminates the scp remote exec command
    • now handle errors when diffie hellman key pair generation fails
    • improved building instructions
    • improved unit tests
  • Version update to 1.8.2: [bsc#1130103] Bug fixes:

    • Fixed the misapplied userauth patch that broke 1.8.1
    • moved the MAX size declarations from the public header
References

Affected packages

SUSE:Linux Enterprise Module for Basesystem 15 SP1 / libssh2_org

Package

Name
libssh2_org
Purl
pkg:rpm/suse/libssh2_org&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.9.0-4.13.1

Ecosystem specific

{
    "binaries": [
        {
            "libssh2-1": "1.9.0-4.13.1",
            "libssh2-devel": "1.9.0-4.13.1",
            "libssh2-1-32bit": "1.9.0-4.13.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Basesystem 15 SP2 / libssh2_org

Package

Name
libssh2_org
Purl
pkg:rpm/suse/libssh2_org&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.9.0-4.13.1

Ecosystem specific

{
    "binaries": [
        {
            "libssh2-1": "1.9.0-4.13.1",
            "libssh2-devel": "1.9.0-4.13.1",
            "libssh2-1-32bit": "1.9.0-4.13.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15-ESPOS / libssh2_org

Package

Name
libssh2_org
Purl
pkg:rpm/suse/libssh2_org&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.9.0-4.13.1

Ecosystem specific

{
    "binaries": [
        {
            "libssh2-1": "1.9.0-4.13.1",
            "libssh2-devel": "1.9.0-4.13.1",
            "libssh2-1-32bit": "1.9.0-4.13.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15-LTSS / libssh2_org

Package

Name
libssh2_org
Purl
pkg:rpm/suse/libssh2_org&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.9.0-4.13.1

Ecosystem specific

{
    "binaries": [
        {
            "libssh2-1": "1.9.0-4.13.1",
            "libssh2-devel": "1.9.0-4.13.1",
            "libssh2-1-32bit": "1.9.0-4.13.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15-LTSS / libssh2_org

Package

Name
libssh2_org
Purl
pkg:rpm/suse/libssh2_org&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.9.0-4.13.1

Ecosystem specific

{
    "binaries": [
        {
            "libssh2-1": "1.9.0-4.13.1",
            "libssh2-devel": "1.9.0-4.13.1",
            "libssh2-1-32bit": "1.9.0-4.13.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 / libssh2_org

Package

Name
libssh2_org
Purl
pkg:rpm/suse/libssh2_org&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.9.0-4.13.1

Ecosystem specific

{
    "binaries": [
        {
            "libssh2-1": "1.9.0-4.13.1",
            "libssh2-devel": "1.9.0-4.13.1",
            "libssh2-1-32bit": "1.9.0-4.13.1"
        }
    ]
}