openSUSE Security Update : libssh2_org (openSUSE-2015-242)

Medium Nessus Plugin ID 81946


The remote openSUSE host is missing a security update.


libssh2_org was updated to version 1.5.0 to fix bugs and a security issue.

Changes in 1.5.0: Added Windows Cryptography API: Next Generation based backend

Bug fixes :

- Security Advisory: Using `SSH_MSG_KEXINIT` data unbounded, CVE-2015-1782

- missing _libssh2_error in _libssh2_channel_write

- knownhost: Fix DSS keys being detected as unknown.

- knownhost: Restore behaviour of `libssh2_knownhost_writeline` with short buffer.

- libssh2.h: on Windows, a socket is of type SOCKET, not int

- libssh2_priv.h: a 1 bit bit-field should be unsigned

- windows build: do not export externals from static library

- Fixed two potential use-after-frees of the payload buffer

- Fixed a few memory leaks in error paths

- userauth: Fixed an attempt to free from stack on error

- agent_list_identities: Fixed memory leak on OOM

- knownhosts: Abort if the hosts buffer is too small

- sftp_close_handle: ensure the handle is always closed

- channel_close: Close the channel even in the case of errors

- docs: added missing libssh2_session_handshake.3 file

- docs: fixed a bunch of typos

- userauth_password: pass on the underlying error code

- _libssh2_channel_forward_cancel: accessed struct after free

- _libssh2_packet_add: avoid using uninitialized memory

- _libssh2_channel_forward_cancel: avoid memory leaks on error

- _libssh2_channel_write: client spins on write when window full

- windows build: fix build errors

- publickey_packet_receive: avoid junk in returned pointers

- channel_receive_window_adjust: store windows size always

- userauth_hostbased_fromfile: zero assign to avoid uninitialized use

- configure: change LIBS not LDFLAGS when checking for libs

- agent_connect_unix: make sure there's a trailing zero

- MinGW build: Fixed redefine warnings.

- sftpdir.c: added authentication method detection.

- Watcom build: added support for WinCNG build.


- sftp_statvfs: fix for servers not supporting statfvs extension

- knownhost.c: use LIBSSH2_FREE macro instead of free

- Fixed compilation using mingw-w64

- knownhost.c: fixed that 'key_type_len' may be used uninitialized

- configure: Display individual crypto backends on separate lines

- examples on Windows: check for WSAStartup return code

- examples on Windows: check for socket return code

- agent.c: check return code of MapViewOfFile

- kex.c: fix possible NULL pointer de-reference with session->kex

- packet.c: fix possible NULL pointer de-reference within listen_state

- tests on Windows: check for WSAStartup return code

- userauth.c: improve readability and clarity of for-loops

- examples on Windows: use native SOCKET-type instead of int

- packet.c: i < 256 was always true and i would overflow to 0

- kex.c: make sure mlist is not set to NULL

- session.c: check return value of session_nonblock in debug mode

- session.c: check return value of session_nonblock during startup

- userauth.c: make sure that sp_len is positive and avoid overflows

- knownhost.c: fix use of uninitialized argument variable wrote

- openssl: initialise the digest context before calling EVP_DigestInit()

- libssh2_agent_init: init ->fd to LIBSSH2_INVALID_SOCKET

- Add zlib to Requires.private in libssh2.pc if using zlib

- Rework crypto library detection

- Reorder --with-* options in --help output

- Call zlib zlib and not libz in text but keep option names

- Fix non-autotools builds: Always define the LIBSSH2_OPENSSL CPP macro

- sftp: seek: Don't flush buffers on same offset

- sftp: statvfs: Along error path, reset the correct 'state' variable.

- sftp: Add support for fsync (OpenSSH extension).

- _libssh2_channel_read: fix data drop when out of window

- comp_method_zlib_decomp: Improve buffer growing algorithm

- _libssh2_channel_read: Honour window_size_initial

- window_size: redid window handling for flow control reasons

- knownhosts: handle unknown key types


Update the affected libssh2_org packages.

See Also

Plugin Details

Severity: Medium

ID: 81946

File Name: openSUSE-2015-242.nasl

Version: $Revision: 1.2 $

Type: local

Agent: unix

Published: 2015/03/19

Modified: 2015/03/20

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libssh2-1, p-cpe:/a:novell:opensuse:libssh2-1-32bit, p-cpe:/a:novell:opensuse:libssh2-1-debuginfo, p-cpe:/a:novell:opensuse:libssh2-1-debuginfo-32bit, p-cpe:/a:novell:opensuse:libssh2-devel, p-cpe:/a:novell:opensuse:libssh2_org-debugsource, cpe:/o:novell:opensuse:13.1, cpe:/o:novell:opensuse:13.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2015/03/11

Reference Information

CVE: CVE-2015-1782