libssh-config-0.9.6-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11603 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libssh-config-0.9.6-2.1 on GA media These are all security issues fixed in the libssh-config-0.9.6-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11603 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11603 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2020-1730/ SUSE CVE CVE-2020-1730 page openSUSE Tumbleweed libssh-config-0.9.6-2.1 libssh-devel-0.9.6-2.1 libssh4-0.9.6-2.1 libssh4-32bit-0.9.6-2.1 libssh-config-0.9.6-2.1 as a component of openSUSE Tumbleweed libssh-devel-0.9.6-2.1 as a component of openSUSE Tumbleweed libssh4-0.9.6-2.1 as a component of openSUSE Tumbleweed libssh4-32bit-0.9.6-2.1 as a component of openSUSE Tumbleweed A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system availability. CVE-2020-1730 openSUSE Tumbleweed:libssh-config-0.9.6-2.1 openSUSE Tumbleweed:libssh-devel-0.9.6-2.1 openSUSE Tumbleweed:libssh4-0.9.6-2.1 openSUSE Tumbleweed:libssh4-32bit-0.9.6-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-1730.html CVE-2020-1730 https://bugzilla.suse.com/1168699 SUSE Bug 1168699