openSUSE Security Update : libssh2_org (openSUSE-2015-242)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

libssh2_org was updated to version 1.5.0 to fix bugs and a security

Changes in 1.5.0: Added Windows Cryptography API: Next Generation
based backend

Bug fixes :

- Security Advisory: Using `SSH_MSG_KEXINIT` data
unbounded, CVE-2015-1782

- missing _libssh2_error in _libssh2_channel_write

- knownhost: Fix DSS keys being detected as unknown.

- knownhost: Restore behaviour of
`libssh2_knownhost_writeline` with short buffer.

- libssh2.h: on Windows, a socket is of type SOCKET, not

- libssh2_priv.h: a 1 bit bit-field should be unsigned

- windows build: do not export externals from static

- Fixed two potential use-after-frees of the payload

- Fixed a few memory leaks in error paths

- userauth: Fixed an attempt to free from stack on error

- agent_list_identities: Fixed memory leak on OOM

- knownhosts: Abort if the hosts buffer is too small

- sftp_close_handle: ensure the handle is always closed

- channel_close: Close the channel even in the case of

- docs: added missing libssh2_session_handshake.3 file

- docs: fixed a bunch of typos

- userauth_password: pass on the underlying error code

- _libssh2_channel_forward_cancel: accessed struct after

- _libssh2_packet_add: avoid using uninitialized memory

- _libssh2_channel_forward_cancel: avoid memory leaks on

- _libssh2_channel_write: client spins on write when
window full

- windows build: fix build errors

- publickey_packet_receive: avoid junk in returned

- channel_receive_window_adjust: store windows size always

- userauth_hostbased_fromfile: zero assign to avoid
uninitialized use

- configure: change LIBS not LDFLAGS when checking for

- agent_connect_unix: make sure there's a trailing zero

- MinGW build: Fixed redefine warnings.

- sftpdir.c: added authentication method detection.

- Watcom build: added support for WinCNG build.

- replace AM_CONFIG_HEADER with

- sftp_statvfs: fix for servers not supporting statfvs

- knownhost.c: use LIBSSH2_FREE macro instead of free

- Fixed compilation using mingw-w64

- knownhost.c: fixed that 'key_type_len' may be used

- configure: Display individual crypto backends on
separate lines

- examples on Windows: check for WSAStartup return code

- examples on Windows: check for socket return code

- agent.c: check return code of MapViewOfFile

- kex.c: fix possible NULL pointer de-reference with

- packet.c: fix possible NULL pointer de-reference within

- tests on Windows: check for WSAStartup return code

- userauth.c: improve readability and clarity of for-loops

- examples on Windows: use native SOCKET-type instead of

- packet.c: i < 256 was always true and i would overflow
to 0

- kex.c: make sure mlist is not set to NULL

- session.c: check return value of session_nonblock in
debug mode

- session.c: check return value of session_nonblock during

- userauth.c: make sure that sp_len is positive and avoid

- knownhost.c: fix use of uninitialized argument variable

- openssl: initialise the digest context before calling

- libssh2_agent_init: init ->fd to LIBSSH2_INVALID_SOCKET

- Add zlib to Requires.private in libssh2.pc
if using zlib

- Rework crypto library detection

- Reorder --with-* options in --help output

- Call zlib zlib and not libz in text but
keep option names

- Fix non-autotools builds: Always define the

- sftp: seek: Don't flush buffers on same offset

- sftp: statvfs: Along error path, reset the correct
'state' variable.

- sftp: Add support for fsync (OpenSSH extension).

- _libssh2_channel_read: fix data drop when out of window

- comp_method_zlib_decomp: Improve buffer growing

- _libssh2_channel_read: Honour window_size_initial

- window_size: redid window handling for flow control

- knownhosts: handle unknown key types

See also :

Solution :

Update the affected libssh2_org packages.

Risk factor :

Medium / CVSS Base Score : 6.8

Family: SuSE Local Security Checks

Nessus Plugin ID: 81946 ()

Bugtraq ID:

CVE ID: CVE-2015-1782

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now