SUSE SLES15 Security Update : libssh (SUSE-SU-2024:0525-1)

medium Nessus Plugin ID 190754

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0525-1 advisory.

Update to version 0.9.8 (jsc#PED-7719):

* Fix CVE-2023-6004: Command injection using proxycommand (bsc#1218209)
* Fix CVE-2023-48795: Potential downgrade attack using strict kex (bsc#1218126)
* Fix CVE-2023-6918: Missing checks for return values of MD functions (bsc#1218186)
* Allow @ in usernames when parsing from URI composes

Update to version 0.9.7:

* Fix CVE-2023-1667: a NULL dereference during rekeying with algorithm guessing (bsc#1211188)
* Fix CVE-2023-2283: a possible authorization bypass in pki_verify_data_signature under low-memory conditions (bsc#1211190)
* Fix several memory leaks in GSSAPI handling code

Update to version 0.9.6 (bsc#1189608, CVE-2021-3634):

* https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.9.6


Update to 0.9.5 (bsc#1174713, CVE-2020-16135):

* CVE-2020-16135: Avoid null pointer dereference in sftpserver (T232)
* Improve handling of library initialization (T222)
* Fix parsing of subsecond times in SFTP (T219)
* Make the documentation reproducible
* Remove deprecated API usage in OpenSSL
* Fix regression of ssh_channel_poll_timeout() returning SSH_AGAIN
* Define version in one place (T226)
* Prevent invalid free when using different C runtimes than OpenSSL (T229)
* Compatibility improvements to testsuite

Update to version 0.9.4

* https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/
* Fix possible Denial of Service attack when using AES-CTR-ciphers CVE-2020-1730 (bsc#1168699)

Update to version 0.9.3

* Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution (bsc#1158095)
* SSH-01-003 Client: Missing NULL check leads to crash in erroneous state
* SSH-01-006 General: Various unchecked Null-derefs cause DOS
* SSH-01-007 PKI Gcrypt: Potential UAF/double free with RSA pubkeys
* SSH-01-010 SSH: Deprecated hash function in fingerprinting
* SSH-01-013 Conf-Parsing: Recursive wildcards in hostnames lead to DOS
* SSH-01-014 Conf-Parsing: Integer underflow leads to OOB array access
* SSH-01-001 State Machine: Initial machine states should be set explicitly
* SSH-01-002 Kex: Differently bound macros used to iterate same array
* SSH-01-005 Code-Quality: Integer sign confusion during assignments
* SSH-01-008 SCP: Protocol Injection via unescaped File Names
* SSH-01-009 SSH: Update documentation which RFCs are implemented
* SSH-01-012 PKI: Information leak via uninitialized stack buffer

Update to version 0.9.2

* Fixed libssh-config.cmake
* Fixed issues with rsa algorithm negotiation (T191)
* Fixed detection of OpenSSL ed25519 support (T197)

Update to version 0.9.1

* Added support for Ed25519 via OpenSSL
* Added support for X25519 via OpenSSL
* Added support for localuser in Match keyword
* Fixed Match keyword to be case sensitive
* Fixed compilation with LibreSSL
* Fixed error report of channel open (T75)
* Fixed sftp documentation (T137)
* Fixed known_hosts parsing (T156)
* Fixed build issue with MinGW (T157)
* Fixed build with gcc 9 (T164)
* Fixed deprecation issues (T165)
* Fixed known_hosts directory creation (T166)

- Split out configuration to separate package to not mess up the library packaging and coinstallation

Update to verion 0.9.0

* Added support for AES-GCM
* Added improved rekeying support
* Added performance improvements
* Disabled blowfish support by default
* Fixed several ssh config parsing issues
* Added support for DH Group Exchange KEX
* Added support for Encrypt-then-MAC mode
* Added support for parsing server side configuration file
* Added support for ECDSA/Ed25519 certificates
* Added FIPS 140-2 compatibility
* Improved known_hosts parsing
* Improved documentation
* Improved OpenSSL API usage for KEX, DH, and signatures

- Add libssh client and server config files

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected libssh-config, libssh-devel, libssh4 and / or libssh4-32bit packages.

See Also

https://bugzilla.suse.com/1158095

https://bugzilla.suse.com/1168699

https://bugzilla.suse.com/1174713

https://bugzilla.suse.com/1189608

https://bugzilla.suse.com/1211188

https://bugzilla.suse.com/1211190

https://bugzilla.suse.com/1218126

https://bugzilla.suse.com/1218186

https://bugzilla.suse.com/1218209

https://www.suse.com/security/cve/CVE-2019-14889

https://www.suse.com/security/cve/CVE-2020-16135

https://www.suse.com/security/cve/CVE-2020-1730

https://www.suse.com/security/cve/CVE-2021-3634

https://www.suse.com/security/cve/CVE-2023-1667

https://www.suse.com/security/cve/CVE-2023-2283

https://www.suse.com/security/cve/CVE-2023-48795

https://www.suse.com/security/cve/CVE-2023-6004

https://www.suse.com/security/cve/CVE-2023-6918

http://www.nessus.org/u?dfde76e2

Plugin Details

Severity: Medium

ID: 190754

File Name: suse_SU-2024-0525-1.nasl

Version: 1.3

Type: Local

Agent: unix

Published: 2/20/2024

Updated: 6/25/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5

Percentile: 94.39

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2019-14889

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v4

Risk Factor: Medium

Base Score: 6

Threat Score: 5.3

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2023-48795

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:libssh4-32bit, p-cpe:/a:novell:suse_linux:libssh-devel, p-cpe:/a:novell:suse_linux:libssh4, p-cpe:/a:novell:suse_linux:libssh-config, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/19/2024

Vulnerability Publication Date: 12/10/2019

Reference Information

CVE: CVE-2019-14889, CVE-2020-16135, CVE-2020-1730, CVE-2021-3634, CVE-2023-1667, CVE-2023-2283, CVE-2023-48795, CVE-2023-6004, CVE-2023-6918

IAVA: 2020-A-0203-S, 2022-A-0041-S, 2023-A-0517-S, 2023-A-0703-S

SuSE: SUSE-SU-2024:0525-1