Detections
Analytics

openSUSE Security Update : libssh2_org (openSUSE-2015-242)

medium Nessus Plugin ID 81946

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

libssh2_org was updated to version 1.5.0 to fix bugs and a security issue.

Changes in 1.5.0: Added Windows Cryptography API: Next Generation based backend

Bug fixes :

 - Security Advisory: Using `SSH_MSG_KEXINIT` data unbounded, CVE-2015-1782

 - missing _libssh2_error in _libssh2_channel_write

 - knownhost: Fix DSS keys being detected as unknown.

 - knownhost: Restore behaviour of `libssh2_knownhost_writeline` with short buffer.

 - libssh2.h: on Windows, a socket is of type SOCKET, not int

 - libssh2_priv.h: a 1 bit bit-field should be unsigned

 - windows build: do not export externals from static library

 - Fixed two potential use-after-frees of the payload buffer

 - Fixed a few memory leaks in error paths

 - userauth: Fixed an attempt to free from stack on error

 - agent_list_identities: Fixed memory leak on OOM

 - knownhosts: Abort if the hosts buffer is too small

 - sftp_close_handle: ensure the handle is always closed

 - channel_close: Close the channel even in the case of errors

 - docs: added missing libssh2_session_handshake.3 file

 - docs: fixed a bunch of typos

 - userauth_password: pass on the underlying error code

 - _libssh2_channel_forward_cancel: accessed struct after free

 - _libssh2_packet_add: avoid using uninitialized memory

 - _libssh2_channel_forward_cancel: avoid memory leaks on error

 - _libssh2_channel_write: client spins on write when window full

 - windows build: fix build errors

 - publickey_packet_receive: avoid junk in returned pointers

 - channel_receive_window_adjust: store windows size always

 - userauth_hostbased_fromfile: zero assign to avoid uninitialized use

 - configure: change LIBS not LDFLAGS when checking for libs

 - agent_connect_unix: make sure there's a trailing zero

 - MinGW build: Fixed redefine warnings.

 - sftpdir.c: added authentication method detection.

 - Watcom build: added support for WinCNG build.

 - configure.ac: replace AM_CONFIG_HEADER with AC_CONFIG_HEADERS

 - sftp_statvfs: fix for servers not supporting statfvs extension

 - knownhost.c: use LIBSSH2_FREE macro instead of free

 - Fixed compilation using mingw-w64

 - knownhost.c: fixed that 'key_type_len' may be used uninitialized

 - configure: Display individual crypto backends on separate lines

 - examples on Windows: check for WSAStartup return code

 - examples on Windows: check for socket return code

 - agent.c: check return code of MapViewOfFile

 - kex.c: fix possible NULL pointer de-reference with session->kex

 - packet.c: fix possible NULL pointer de-reference within listen_state

 - tests on Windows: check for WSAStartup return code

 - userauth.c: improve readability and clarity of for-loops

 - examples on Windows: use native SOCKET-type instead of int

 - packet.c: i < 256 was always true and i would overflow to 0

 - kex.c: make sure mlist is not set to NULL

 - session.c: check return value of session_nonblock in debug mode

 - session.c: check return value of session_nonblock during startup

 - userauth.c: make sure that sp_len is positive and avoid overflows

 - knownhost.c: fix use of uninitialized argument variable wrote

 - openssl: initialise the digest context before calling EVP_DigestInit()

 - libssh2_agent_init: init ->fd to LIBSSH2_INVALID_SOCKET

 - configure.ac: Add zlib to Requires.private in libssh2.pc if using zlib

 - configure.ac: Rework crypto library detection

 - configure.ac: Reorder --with-* options in --help output

 - configure.ac: Call zlib zlib and not libz in text but keep option names

 - Fix non-autotools builds: Always define the LIBSSH2_OPENSSL CPP macro

 - sftp: seek: Don't flush buffers on same offset

 - sftp: statvfs: Along error path, reset the correct 'state' variable.

 - sftp: Add support for fsync (OpenSSH extension).

 - _libssh2_channel_read: fix data drop when out of window

 - comp_method_zlib_decomp: Improve buffer growing algorithm

 - _libssh2_channel_read: Honour window_size_initial

 - window_size: redid window handling for flow control reasons

 - knownhosts: handle unknown key types

Solution

Update the affected libssh2_org packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=921070

Plugin Details

Severity: Medium

ID: 81946

File Name: openSUSE-2015-242.nasl

Version: 1.4

Type: local

Agent: unix

Published: 3/19/2015

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libssh2-1, p-cpe:/a:novell:opensuse:libssh2-1-32bit, p-cpe:/a:novell:opensuse:libssh2-1-debuginfo, p-cpe:/a:novell:opensuse:libssh2-1-debuginfo-32bit, p-cpe:/a:novell:opensuse:libssh2-devel, p-cpe:/a:novell:opensuse:libssh2_org-debugsource, cpe:/o:novell:opensuse:13.1, cpe:/o:novell:opensuse:13.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 3/11/2015

Reference Information

CVE: CVE-2015-1782