SUSE-SU-2024:0543-1

Source
https://www.suse.com/support/update/announcement/2024/suse-su-20240543-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:0543-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2024:0543-1
Related
Published
2024-02-20T15:04:50Z
Modified
2024-02-20T15:04:50Z
Summary
Security update for libssh2_org
Details

This update for libssh2_org fixes the following issues:

  • Always add the KEX pseudo-methods 'ext-info-c' and 'kex-strict-c-v00@openssh.com' when configuring custom method list. [bsc#1218971, CVE-2023-48795]

    • The strict-kex extension is announced in the list of available KEX methods. However, when the default KEX method list is modified or replaced, the extension is not added back automatically.
References

Affected packages

SUSE:Linux Enterprise Software Development Kit 12 SP5 / libssh2_org

Package

Name
libssh2_org
Purl
purl:rpm/suse/libssh2_org&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.11.0-29.12.1

Ecosystem specific

{
    "binaries": [
        {
            "libssh2-devel": "1.11.0-29.12.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 SP5 / libssh2_org

Package

Name
libssh2_org
Purl
purl:rpm/suse/libssh2_org&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.11.0-29.12.1

Ecosystem specific

{
    "binaries": [
        {
            "libssh2-1": "1.11.0-29.12.1",
            "libssh2-1-32bit": "1.11.0-29.12.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / libssh2_org

Package

Name
libssh2_org
Purl
purl:rpm/suse/libssh2_org&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.11.0-29.12.1

Ecosystem specific

{
    "binaries": [
        {
            "libssh2-1": "1.11.0-29.12.1",
            "libssh2-1-32bit": "1.11.0-29.12.1"
        }
    ]
}