libssh-config-0.9.6-1.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10998 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libssh-config-0.9.6-1.2 on GA media These are all security issues fixed in the libssh-config-0.9.6-1.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10998 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10998 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2018-10933/ SUSE CVE CVE-2018-10933 page https://www.suse.com/security/cve/CVE-2019-14889/ SUSE CVE CVE-2019-14889 page https://www.suse.com/security/cve/CVE-2020-16135/ SUSE CVE CVE-2020-16135 page https://www.suse.com/security/cve/CVE-2021-3634/ SUSE CVE CVE-2021-3634 page openSUSE Tumbleweed libssh-config-0.9.6-1.2 libssh-devel-0.9.6-1.2 libssh4-0.9.6-1.2 libssh4-32bit-0.9.6-1.2 libssh-config-0.9.6-1.2 as a component of openSUSE Tumbleweed libssh-devel-0.9.6-1.2 as a component of openSUSE Tumbleweed libssh4-0.9.6-1.2 as a component of openSUSE Tumbleweed libssh4-32bit-0.9.6-1.2 as a component of openSUSE Tumbleweed A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access. CVE-2018-10933 openSUSE Tumbleweed:libssh-config-0.9.6-1.2 openSUSE Tumbleweed:libssh-devel-0.9.6-1.2 openSUSE Tumbleweed:libssh4-0.9.6-1.2 openSUSE Tumbleweed:libssh4-32bit-0.9.6-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-10933.html CVE-2018-10933 https://bugzilla.suse.com/1108020 SUSE Bug 1108020 https://bugzilla.suse.com/1122198 SUSE Bug 1122198 A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target. CVE-2019-14889 openSUSE Tumbleweed:libssh-config-0.9.6-1.2 openSUSE Tumbleweed:libssh-devel-0.9.6-1.2 openSUSE Tumbleweed:libssh4-0.9.6-1.2 openSUSE Tumbleweed:libssh4-32bit-0.9.6-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-14889.html CVE-2019-14889 https://bugzilla.suse.com/1158095 SUSE Bug 1158095 https://bugzilla.suse.com/1224871 SUSE Bug 1224871 libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. CVE-2020-16135 openSUSE Tumbleweed:libssh-config-0.9.6-1.2 openSUSE Tumbleweed:libssh-devel-0.9.6-1.2 openSUSE Tumbleweed:libssh4-0.9.6-1.2 openSUSE Tumbleweed:libssh4-32bit-0.9.6-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-16135.html CVE-2020-16135 https://bugzilla.suse.com/1174713 SUSE Bug 1174713 A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shared secrets during the lifetime of the session. One of them is called secret_hash and the other session_id. Initially, both of them are the same, but after key re-exchange, previous session_id is kept and used as an input to new secret_hash. Historically, both of these buffers had shared length variable, which worked as long as these buffers were same. But the key re-exchange operation can also change the key exchange method, which can be based on hash of different size, eventually creating "secret_hash" of different size than the session_id has. This becomes an issue when the session_id memory is zeroed or when it is used again during second key re-exchange. CVE-2021-3634 openSUSE Tumbleweed:libssh-config-0.9.6-1.2 openSUSE Tumbleweed:libssh-devel-0.9.6-1.2 openSUSE Tumbleweed:libssh4-0.9.6-1.2 openSUSE Tumbleweed:libssh4-32bit-0.9.6-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-3634.html CVE-2021-3634 https://bugzilla.suse.com/1189608 SUSE Bug 1189608 https://bugzilla.suse.com/1194948 SUSE Bug 1194948