openSUSE Security Update : libssh2_org (openSUSE-2015-242)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

libssh2_org was updated to version 1.5.0 to fix bugs and a security
issue.

Changes in 1.5.0: Added Windows Cryptography API: Next Generation
based backend

Bug fixes :

- Security Advisory: Using `SSH_MSG_KEXINIT` data
unbounded, CVE-2015-1782

- missing _libssh2_error in _libssh2_channel_write

- knownhost: Fix DSS keys being detected as unknown.

- knownhost: Restore behaviour of
`libssh2_knownhost_writeline` with short buffer.

- libssh2.h: on Windows, a socket is of type SOCKET, not
int

- libssh2_priv.h: a 1 bit bit-field should be unsigned

- windows build: do not export externals from static
library

- Fixed two potential use-after-frees of the payload
buffer

- Fixed a few memory leaks in error paths

- userauth: Fixed an attempt to free from stack on error

- agent_list_identities: Fixed memory leak on OOM

- knownhosts: Abort if the hosts buffer is too small

- sftp_close_handle: ensure the handle is always closed

- channel_close: Close the channel even in the case of
errors

- docs: added missing libssh2_session_handshake.3 file

- docs: fixed a bunch of typos

- userauth_password: pass on the underlying error code

- _libssh2_channel_forward_cancel: accessed struct after
free

- _libssh2_packet_add: avoid using uninitialized memory

- _libssh2_channel_forward_cancel: avoid memory leaks on
error

- _libssh2_channel_write: client spins on write when
window full

- windows build: fix build errors

- publickey_packet_receive: avoid junk in returned
pointers

- channel_receive_window_adjust: store windows size always

- userauth_hostbased_fromfile: zero assign to avoid
uninitialized use

- configure: change LIBS not LDFLAGS when checking for
libs

- agent_connect_unix: make sure there's a trailing zero

- MinGW build: Fixed redefine warnings.

- sftpdir.c: added authentication method detection.

- Watcom build: added support for WinCNG build.

- configure.ac: replace AM_CONFIG_HEADER with
AC_CONFIG_HEADERS

- sftp_statvfs: fix for servers not supporting statfvs
extension

- knownhost.c: use LIBSSH2_FREE macro instead of free

- Fixed compilation using mingw-w64

- knownhost.c: fixed that 'key_type_len' may be used
uninitialized

- configure: Display individual crypto backends on
separate lines

- examples on Windows: check for WSAStartup return code

- examples on Windows: check for socket return code

- agent.c: check return code of MapViewOfFile

- kex.c: fix possible NULL pointer de-reference with
session->kex

- packet.c: fix possible NULL pointer de-reference within
listen_state

- tests on Windows: check for WSAStartup return code

- userauth.c: improve readability and clarity of for-loops

- examples on Windows: use native SOCKET-type instead of
int

- packet.c: i < 256 was always true and i would overflow
to 0

- kex.c: make sure mlist is not set to NULL

- session.c: check return value of session_nonblock in
debug mode

- session.c: check return value of session_nonblock during
startup

- userauth.c: make sure that sp_len is positive and avoid
overflows

- knownhost.c: fix use of uninitialized argument variable
wrote

- openssl: initialise the digest context before calling
EVP_DigestInit()

- libssh2_agent_init: init ->fd to LIBSSH2_INVALID_SOCKET

- configure.ac: Add zlib to Requires.private in libssh2.pc
if using zlib

- configure.ac: Rework crypto library detection

- configure.ac: Reorder --with-* options in --help output

- configure.ac: Call zlib zlib and not libz in text but
keep option names

- Fix non-autotools builds: Always define the
LIBSSH2_OPENSSL CPP macro

- sftp: seek: Don't flush buffers on same offset

- sftp: statvfs: Along error path, reset the correct
'state' variable.

- sftp: Add support for fsync (OpenSSH extension).

- _libssh2_channel_read: fix data drop when out of window

- comp_method_zlib_decomp: Improve buffer growing
algorithm

- _libssh2_channel_read: Honour window_size_initial

- window_size: redid window handling for flow control
reasons

- knownhosts: handle unknown key types

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=921070

Solution :

Update the affected libssh2_org packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 81946 ()

Bugtraq ID:

CVE ID: CVE-2015-1782

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now