BDU:2019-01303
Vulnerability from fstec - Published: 03.12.2018
Title
Out-of-bounds memory read vulnerability in the libssh2 library, allowing an attacker to cause a denial of service or disclose protected information
Description
The vulnerability in the libssh2 library is related to an out-of-bounds read of a memory buffer. Exploitation of the vulnerability may allow a remote attacker to cause a denial of service or disclose protected information.
Vendor
RusBITech-Astra LLC, Novell Inc., Free software community
Software Name
Astra Linux Special Edition (entry No. 369 in the Unified Register of Russian Software), Suse Linux Enterprise Desktop, SUSE Linux Enterprise Server for SAP Applications, SUSE Linux Enterprise Software Development Kit, SUSE Linux Enterprise Module for Basesystem, Suse Linux Enterprise Server, SUSE Linux Enterprise High Performance Computing, libssh2, OpenStack Cloud Magnum Orchestration
Software Version
1.5 "Smolensk" (Astra Linux Special Edition), 1.6 "Smolensk" (Astra Linux Special Edition), 12 SP3 (Suse Linux Enterprise Desktop), 12 SP4 (Suse Linux Enterprise Desktop), 12 SP2 (SUSE Linux Enterprise Server for SAP Applications), 12 SP4 (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Software Development Kit), 12 SP4 (SUSE Linux Enterprise Software Development Kit), 15 GA (SUSE Linux Enterprise Module for Basesystem), 12 SP3 (Suse Linux Enterprise Server), 12 SP4 (Suse Linux Enterprise Server), 12 (SUSE Linux Enterprise High Performance Computing), from 1.2.8 to 1.8.1 (libssh2), 7.0 (OpenStack Cloud Magnum Orchestration), 11 SP3 (SUSE Linux Enterprise Server for SAP Applications), 12 GA (SUSE Linux Enterprise Server for SAP Applications), 11 SP3 LTSS (Suse Linux Enterprise Server), 11 SP4 (Suse Linux Enterprise Server), 12 GA LTSS (Suse Linux Enterprise Server), 12 SP1 LTSS (Suse Linux Enterprise Server), 12 SP2 LTSS (Suse Linux Enterprise Server), 11 SP4 (SUSE Linux Enterprise Software Development Kit)
Possible Mitigations
Follow the recommendations:
For Novell Inc. software products:
https://www.suse.com/security/cve/CVE-2019-3861/
For Astra Linux:
Update the software (libssh2 package) to version 1.7.0-1+deb9u1 or later
For libssh2:
Update the software to version 1.8.1 or later
For Astra Linux 1.6 "Smolensk":
Update the libssh2 package to version 1.7.0-1+deb9u1 or higher, following the vendor's recommendations: https://wiki.astralinux.ru/pages/viewpage.action?pageId=57444186
Reference
https://www.suse.com/support/update/announcement/2019/suse-su-201913982-1/
https://www.suse.com/security/cve/CVE-2019-3861/
https://www.libssh2.org/CVE-2019-3861.html
https://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
CWE
CWE-125
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Novell Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 12 SP3 (Suse Linux Enterprise Desktop), 12 SP4 (Suse Linux Enterprise Desktop), 12 SP2 (SUSE Linux Enterprise Server for SAP Applications), 12 SP4 (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Software Development Kit), 12 SP4 (SUSE Linux Enterprise Software Development Kit), 15 GA (SUSE Linux Enterprise Module for Basesystem), 12 SP3 (Suse Linux Enterprise Server), 12 SP4 (Suse Linux Enterprise Server), 12 (SUSE Linux Enterprise High Performance Computing), \u043e\u0442 1.2.8 \u0434\u043e 1.8.1 (libssh2), 7.0 (OpenStack Cloud Magnum Orchestration), 11 SP3 (SUSE Linux Enterprise Server for SAP Applications), 12 GA (SUSE Linux Enterprise Server for SAP Applications), 11 SP3 LTSS (Suse Linux Enterprise Server), 11 SP4 (Suse Linux Enterprise Server), 12 GA LTSS (Suse Linux Enterprise Server), 12 SP1 LTSS (Suse Linux Enterprise Server), 12 SP2 LTSS (Suse Linux Enterprise Server), 11 SP4 (SUSE Linux Enterprise Software Development Kit)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439: \n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2019-3861/\n\n\u0414\u043b\u044f Astra Linux:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 libssh2) \u0434\u043e 1.7.0-1+deb9u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f libssh2:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 1.8.1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 libssh2 \u0434\u043e 1.7.0-1+deb9u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/pages/viewpage.action?pageId=57444186",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "03.12.2018",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "30.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "04.04.2019",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-01303",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-3861, SUSE-SU-2019:13982-1",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Suse Linux Enterprise Desktop, SUSE Linux Enterprise Server for SAP Applications, SUSE Linux Enterprise Software Development Kit, SUSE Linux Enterprise Module for Basesystem, Suse Linux Enterprise Server, SUSE Linux Enterprise High Performance Computing, libssh2, OpenStack Cloud Magnum Orchestration",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Novell Inc. Suse Linux Enterprise Desktop 12 SP3 , Novell Inc. Suse Linux Enterprise Desktop 12 SP4 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP4 , Novell Inc. Suse Linux Enterprise Server 12 SP3 , Novell Inc. Suse Linux Enterprise Server 12 SP4 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 11 SP3 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 GA , Novell Inc. Suse Linux Enterprise Server 11 SP3 LTSS , Novell Inc. Suse Linux Enterprise Server 11 SP4 , Novell Inc. Suse Linux Enterprise Server 12 GA LTSS , Novell Inc. Suse Linux Enterprise Server 12 SP1 LTSS , Novell Inc. Suse Linux Enterprise Server 12 SP2 LTSS ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 libssh2, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0427\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-125)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 libssh2 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.suse.com/support/update/announcement/2019/suse-su-201913982-1/\n\nhttps://www.suse.com/security/cve/CVE-2019-3861/\n\nhttps://www.libssh2.org/CVE-2019-3861.html\nhttps://wiki.astralinux.ru/astra-linux-se15-bulletin-20201201SE15\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-125",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,4)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,1)"
}
SUSE-SU-2019:13982-1
Vulnerability from csaf_suse - Published: 2019-03-19 10:42 - Updated: 2019-03-19 10:42
Summary
Security update for libssh2_org
Severity
Moderate
Notes
Title of the patch: Security update for libssh2_org
Description of the patch: This update for libssh2_org fixes the following issues:
Security issues fixed:
- CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490).
- CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492).
- CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP packets (bsc#1128481).
- CVE-2019-3863: Fixed an Integer overflow in user authenticate keyboard interactive which could allow out-of-bounds writes with specially crafted keyboard responses (bsc#1128493).
- CVE-2019-3856: Fixed a potential Integer overflow in keyboard interactive handling which could allow out-of-bounds write with specially crafted payload (bsc#1128472).
- CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev (bsc#1128480).
- CVE-2019-3855: Fixed a potential Integer overflow in transport read which could allow out-of-bounds write with specially crafted payload (bsc#1128471).
- CVE-2019-3858: Fixed a potential zero-byte allocation which could lead to an out-of-bounds read with a specially crafted SFTP packet (bsc#1128476).
- CVE-2019-3857: Fixed a potential Integer overflow which could lead to zero-byte allocation and out-of-bounds with specially crafted message channel request SSH packet (bsc#1128474).
Patchnames: sdksp4-libssh2_org-13982,slessp4-libssh2_org-13982
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.6 (Medium)
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libssh2_org",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libssh2_org fixes the following issues:\n\nSecurity issues fixed:\t \n\n- CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490).\n- CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492).\n- CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP packets (bsc#1128481).\n- CVE-2019-3863: Fixed an Integer overflow in user authenicate keyboard interactive which could allow out-of-bounds writes \n with specially crafted keyboard responses (bsc#1128493).\n- CVE-2019-3856: Fixed a potential Integer overflow in keyboard interactive handling which could allow out-of-bounds write \n with specially crafted payload (bsc#1128472).\n- CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require \n and _libssh2_packet_requirev (bsc#1128480).\n- CVE-2019-3855: Fixed a potential Integer overflow in transport read which could allow out-of-bounds write with specially \n crafted payload (bsc#1128471).\n- CVE-2019-3858: Fixed a potential zero-byte allocation which could lead to an out-of-bounds read with a specially crafted \n SFTP packet (bsc#1128476).\n- CVE-2019-3857: Fixed a potential Integer overflow which could lead to zero-byte allocation and out-of-bounds with specially \n crafted message channel request SSH packet (bsc#1128474).\t \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "sdksp4-libssh2_org-13982,slessp4-libssh2_org-13982",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_13982-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:13982-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201913982-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:13982-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201913982-1.html"
},
{
"category": "self",
"summary": "SUSE Bug 1128471",
"url": "https://bugzilla.suse.com/1128471"
},
{
"category": "self",
"summary": "SUSE Bug 1128472",
"url": "https://bugzilla.suse.com/1128472"
},
{
"category": "self",
"summary": "SUSE Bug 1128474",
"url": "https://bugzilla.suse.com/1128474"
},
{
"category": "self",
"summary": "SUSE Bug 1128476",
"url": "https://bugzilla.suse.com/1128476"
},
{
"category": "self",
"summary": "SUSE Bug 1128480",
"url": "https://bugzilla.suse.com/1128480"
},
{
"category": "self",
"summary": "SUSE Bug 1128481",
"url": "https://bugzilla.suse.com/1128481"
},
{
"category": "self",
"summary": "SUSE Bug 1128490",
"url": "https://bugzilla.suse.com/1128490"
},
{
"category": "self",
"summary": "SUSE Bug 1128492",
"url": "https://bugzilla.suse.com/1128492"
},
{
"category": "self",
"summary": "SUSE Bug 1128493",
"url": "https://bugzilla.suse.com/1128493"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3855 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3856 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3857 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3858 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3859 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3859/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3860 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3860/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3861 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3862 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3863 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3863/"
}
],
"title": "Security update for libssh2_org",
"tracking": {
"current_release_date": "2019-03-19T10:42:39Z",
"generator": {
"date": "2019-03-19T10:42:39Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:13982-1",
"initial_release_date": "2019-03-19T10:42:39Z",
"revision_history": [
{
"date": "2019-03-19T10:42:39Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libssh2-1-1.4.3-17.3.1.i586",
"product": {
"name": "libssh2-1-1.4.3-17.3.1.i586",
"product_id": "libssh2-1-1.4.3-17.3.1.i586"
}
},
{
"category": "product_version",
"name": "libssh2-devel-1.4.3-17.3.1.i586",
"product": {
"name": "libssh2-devel-1.4.3-17.3.1.i586",
"product_id": "libssh2-devel-1.4.3-17.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh2-1-x86-1.4.3-17.3.1.ia64",
"product": {
"name": "libssh2-1-x86-1.4.3-17.3.1.ia64",
"product_id": "libssh2-1-x86-1.4.3-17.3.1.ia64"
}
},
{
"category": "product_version",
"name": "libssh2-devel-1.4.3-17.3.1.ia64",
"product": {
"name": "libssh2-devel-1.4.3-17.3.1.ia64",
"product_id": "libssh2-devel-1.4.3-17.3.1.ia64"
}
},
{
"category": "product_version",
"name": "libssh2-1-1.4.3-17.3.1.ia64",
"product": {
"name": "libssh2-1-1.4.3-17.3.1.ia64",
"product_id": "libssh2-1-1.4.3-17.3.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh2-1-32bit-1.4.3-17.3.1.ppc64",
"product": {
"name": "libssh2-1-32bit-1.4.3-17.3.1.ppc64",
"product_id": "libssh2-1-32bit-1.4.3-17.3.1.ppc64"
}
},
{
"category": "product_version",
"name": "libssh2-devel-1.4.3-17.3.1.ppc64",
"product": {
"name": "libssh2-devel-1.4.3-17.3.1.ppc64",
"product_id": "libssh2-devel-1.4.3-17.3.1.ppc64"
}
},
{
"category": "product_version",
"name": "libssh2-1-1.4.3-17.3.1.ppc64",
"product": {
"name": "libssh2-1-1.4.3-17.3.1.ppc64",
"product_id": "libssh2-1-1.4.3-17.3.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh2-1-32bit-1.4.3-17.3.1.s390x",
"product": {
"name": "libssh2-1-32bit-1.4.3-17.3.1.s390x",
"product_id": "libssh2-1-32bit-1.4.3-17.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libssh2-devel-1.4.3-17.3.1.s390x",
"product": {
"name": "libssh2-devel-1.4.3-17.3.1.s390x",
"product_id": "libssh2-devel-1.4.3-17.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libssh2-1-1.4.3-17.3.1.s390x",
"product": {
"name": "libssh2-1-1.4.3-17.3.1.s390x",
"product_id": "libssh2-1-1.4.3-17.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libssh2-1-1.4.3-17.3.1.x86_64",
"product": {
"name": "libssh2-1-1.4.3-17.3.1.x86_64",
"product_id": "libssh2-1-1.4.3-17.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libssh2-1-32bit-1.4.3-17.3.1.x86_64",
"product": {
"name": "libssh2-1-32bit-1.4.3-17.3.1.x86_64",
"product_id": "libssh2-1-32bit-1.4.3-17.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libssh2-devel-1.4.3-17.3.1.x86_64",
"product": {
"name": "libssh2-devel-1.4.3-17.3.1.x86_64",
"product_id": "libssh2-devel-1.4.3-17.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-sdk:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles:11:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.4.3-17.3.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586"
},
"product_reference": "libssh2-1-1.4.3-17.3.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.4.3-17.3.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64"
},
"product_reference": "libssh2-1-1.4.3-17.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-32bit-1.4.3-17.3.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64"
},
"product_reference": "libssh2-1-32bit-1.4.3-17.3.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-32bit-1.4.3-17.3.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x"
},
"product_reference": "libssh2-1-32bit-1.4.3-17.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-32bit-1.4.3-17.3.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64"
},
"product_reference": "libssh2-1-32bit-1.4.3-17.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-x86-1.4.3-17.3.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64"
},
"product_reference": "libssh2-1-x86-1.4.3-17.3.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.4.3-17.3.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586"
},
"product_reference": "libssh2-devel-1.4.3-17.3.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.4.3-17.3.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64"
},
"product_reference": "libssh2-devel-1.4.3-17.3.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.4.3-17.3.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64"
},
"product_reference": "libssh2-devel-1.4.3-17.3.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.4.3-17.3.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x"
},
"product_reference": "libssh2-devel-1.4.3-17.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-devel-1.4.3-17.3.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64"
},
"product_reference": "libssh2-devel-1.4.3-17.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.4.3-17.3.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586"
},
"product_reference": "libssh2-1-1.4.3-17.3.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.4.3-17.3.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64"
},
"product_reference": "libssh2-1-1.4.3-17.3.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.4.3-17.3.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64"
},
"product_reference": "libssh2-1-1.4.3-17.3.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.4.3-17.3.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x"
},
"product_reference": "libssh2-1-1.4.3-17.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.4.3-17.3.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
"product_id": "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64"
},
"product_reference": "libssh2-1-1.4.3-17.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.4.3-17.3.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586"
},
"product_reference": "libssh2-1-1.4.3-17.3.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.4.3-17.3.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64"
},
"product_reference": "libssh2-1-1.4.3-17.3.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.4.3-17.3.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64"
},
"product_reference": "libssh2-1-1.4.3-17.3.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.4.3-17.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x"
},
"product_reference": "libssh2-1-1.4.3-17.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libssh2-1-1.4.3-17.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64"
},
"product_reference": "libssh2-1-1.4.3-17.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-3855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3855"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3855",
"url": "https://www.suse.com/security/cve/CVE-2019-3855"
},
{
"category": "external",
"summary": "SUSE Bug 1128471 for CVE-2019-3855",
"url": "https://bugzilla.suse.com/1128471"
},
{
"category": "external",
"summary": "SUSE Bug 1134329 for CVE-2019-3855",
"url": "https://bugzilla.suse.com/1134329"
},
{
"category": "external",
"summary": "SUSE Bug 1135434 for CVE-2019-3855",
"url": "https://bugzilla.suse.com/1135434"
},
{
"category": "external",
"summary": "SUSE Bug 1141850 for CVE-2019-3855",
"url": "https://bugzilla.suse.com/1141850"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-19T10:42:39Z",
"details": "low"
}
],
"title": "CVE-2019-3855"
},
{
"cve": "CVE-2019-3856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3856"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3856",
"url": "https://www.suse.com/security/cve/CVE-2019-3856"
},
{
"category": "external",
"summary": "SUSE Bug 1128472 for CVE-2019-3856",
"url": "https://bugzilla.suse.com/1128472"
},
{
"category": "external",
"summary": "SUSE Bug 1135434 for CVE-2019-3856",
"url": "https://bugzilla.suse.com/1135434"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-19T10:42:39Z",
"details": "low"
}
],
"title": "CVE-2019-3856"
},
{
"cve": "CVE-2019-3857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3857"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3857",
"url": "https://www.suse.com/security/cve/CVE-2019-3857"
},
{
"category": "external",
"summary": "SUSE Bug 1128474 for CVE-2019-3857",
"url": "https://bugzilla.suse.com/1128474"
},
{
"category": "external",
"summary": "SUSE Bug 1135434 for CVE-2019-3857",
"url": "https://bugzilla.suse.com/1135434"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-19T10:42:39Z",
"details": "low"
}
],
"title": "CVE-2019-3857"
},
{
"cve": "CVE-2019-3858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3858"
}
],
"notes": [
{
"category": "general",
"text": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3858",
"url": "https://www.suse.com/security/cve/CVE-2019-3858"
},
{
"category": "external",
"summary": "SUSE Bug 1128476 for CVE-2019-3858",
"url": "https://bugzilla.suse.com/1128476"
},
{
"category": "external",
"summary": "SUSE Bug 1135434 for CVE-2019-3858",
"url": "https://bugzilla.suse.com/1135434"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-19T10:42:39Z",
"details": "moderate"
}
],
"title": "CVE-2019-3858"
},
{
"cve": "CVE-2019-3859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3859"
}
],
"notes": [
{
"category": "general",
"text": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3859",
"url": "https://www.suse.com/security/cve/CVE-2019-3859"
},
{
"category": "external",
"summary": "SUSE Bug 1128480 for CVE-2019-3859",
"url": "https://bugzilla.suse.com/1128480"
},
{
"category": "external",
"summary": "SUSE Bug 1130103 for CVE-2019-3859",
"url": "https://bugzilla.suse.com/1130103"
},
{
"category": "external",
"summary": "SUSE Bug 1135434 for CVE-2019-3859",
"url": "https://bugzilla.suse.com/1135434"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-19T10:42:39Z",
"details": "low"
}
],
"title": "CVE-2019-3859"
},
{
"cve": "CVE-2019-3860",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3860"
}
],
"notes": [
{
"category": "general",
"text": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3860",
"url": "https://www.suse.com/security/cve/CVE-2019-3860"
},
{
"category": "external",
"summary": "SUSE Bug 1128481 for CVE-2019-3860",
"url": "https://bugzilla.suse.com/1128481"
},
{
"category": "external",
"summary": "SUSE Bug 1135434 for CVE-2019-3860",
"url": "https://bugzilla.suse.com/1135434"
},
{
"category": "external",
"summary": "SUSE Bug 1136570 for CVE-2019-3860",
"url": "https://bugzilla.suse.com/1136570"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-19T10:42:39Z",
"details": "low"
}
],
"title": "CVE-2019-3860"
},
{
"cve": "CVE-2019-3861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3861"
}
],
"notes": [
{
"category": "general",
"text": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3861",
"url": "https://www.suse.com/security/cve/CVE-2019-3861"
},
{
"category": "external",
"summary": "SUSE Bug 1128490 for CVE-2019-3861",
"url": "https://bugzilla.suse.com/1128490"
},
{
"category": "external",
"summary": "SUSE Bug 1135434 for CVE-2019-3861",
"url": "https://bugzilla.suse.com/1135434"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-19T10:42:39Z",
"details": "low"
}
],
"title": "CVE-2019-3861"
},
{
"cve": "CVE-2019-3862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3862"
}
],
"notes": [
{
"category": "general",
"text": "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3862",
"url": "https://www.suse.com/security/cve/CVE-2019-3862"
},
{
"category": "external",
"summary": "SUSE Bug 1128492 for CVE-2019-3862",
"url": "https://bugzilla.suse.com/1128492"
},
{
"category": "external",
"summary": "SUSE Bug 1135434 for CVE-2019-3862",
"url": "https://bugzilla.suse.com/1135434"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-19T10:42:39Z",
"details": "low"
}
],
"title": "CVE-2019-3862"
},
{
"cve": "CVE-2019-3863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3863"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3863",
"url": "https://www.suse.com/security/cve/CVE-2019-3863"
},
{
"category": "external",
"summary": "SUSE Bug 1128493 for CVE-2019-3863",
"url": "https://bugzilla.suse.com/1128493"
},
{
"category": "external",
"summary": "SUSE Bug 1130103 for CVE-2019-3863",
"url": "https://bugzilla.suse.com/1130103"
},
{
"category": "external",
"summary": "SUSE Bug 1135434 for CVE-2019-3863",
"url": "https://bugzilla.suse.com/1135434"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-19T10:42:39Z",
"details": "low"
}
],
"title": "CVE-2019-3863"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.