Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
libssh2-1-1.9.0-3.6 on GA media
Notes
Title of the patch
libssh2-1-1.9.0-3.6 on GA media
Description of the patch
These are all security issues fixed in the libssh2-1-1.9.0-3.6 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10999
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "libssh2-1-1.9.0-3.6 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the libssh2-1-1.9.0-3.6 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-10999", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10999-1.json", }, { category: "self", summary: "SUSE CVE CVE-2019-17498 page", url: "https://www.suse.com/security/cve/CVE-2019-17498/", }, { category: "self", summary: "SUSE CVE CVE-2019-3855 page", url: "https://www.suse.com/security/cve/CVE-2019-3855/", }, { category: "self", summary: "SUSE CVE CVE-2019-3856 page", url: "https://www.suse.com/security/cve/CVE-2019-3856/", }, { category: "self", summary: "SUSE CVE CVE-2019-3857 page", url: "https://www.suse.com/security/cve/CVE-2019-3857/", }, { category: "self", summary: "SUSE CVE CVE-2019-3858 page", url: "https://www.suse.com/security/cve/CVE-2019-3858/", }, { category: "self", summary: "SUSE CVE CVE-2019-3859 page", url: "https://www.suse.com/security/cve/CVE-2019-3859/", }, { category: "self", summary: "SUSE CVE CVE-2019-3860 page", url: "https://www.suse.com/security/cve/CVE-2019-3860/", }, { category: "self", summary: "SUSE CVE CVE-2019-3861 page", url: "https://www.suse.com/security/cve/CVE-2019-3861/", }, { category: "self", summary: "SUSE CVE CVE-2019-3862 page", url: "https://www.suse.com/security/cve/CVE-2019-3862/", }, { category: "self", summary: "SUSE CVE CVE-2019-3863 page", url: "https://www.suse.com/security/cve/CVE-2019-3863/", }, ], title: "libssh2-1-1.9.0-3.6 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:10999-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "libssh2-1-1.9.0-3.6.aarch64", product: { name: "libssh2-1-1.9.0-3.6.aarch64", product_id: "libssh2-1-1.9.0-3.6.aarch64", }, }, { category: "product_version", name: "libssh2-1-32bit-1.9.0-3.6.aarch64", product: { name: "libssh2-1-32bit-1.9.0-3.6.aarch64", product_id: "libssh2-1-32bit-1.9.0-3.6.aarch64", }, }, { category: "product_version", name: "libssh2-devel-1.9.0-3.6.aarch64", product: { name: "libssh2-devel-1.9.0-3.6.aarch64", product_id: "libssh2-devel-1.9.0-3.6.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libssh2-1-1.9.0-3.6.ppc64le", product: { name: "libssh2-1-1.9.0-3.6.ppc64le", product_id: "libssh2-1-1.9.0-3.6.ppc64le", }, }, { category: "product_version", name: "libssh2-1-32bit-1.9.0-3.6.ppc64le", product: { name: "libssh2-1-32bit-1.9.0-3.6.ppc64le", product_id: "libssh2-1-32bit-1.9.0-3.6.ppc64le", }, }, { category: "product_version", name: "libssh2-devel-1.9.0-3.6.ppc64le", product: { name: "libssh2-devel-1.9.0-3.6.ppc64le", product_id: "libssh2-devel-1.9.0-3.6.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libssh2-1-1.9.0-3.6.s390x", product: { name: "libssh2-1-1.9.0-3.6.s390x", product_id: "libssh2-1-1.9.0-3.6.s390x", }, }, { category: "product_version", name: "libssh2-1-32bit-1.9.0-3.6.s390x", product: { name: "libssh2-1-32bit-1.9.0-3.6.s390x", product_id: "libssh2-1-32bit-1.9.0-3.6.s390x", }, }, { category: "product_version", name: "libssh2-devel-1.9.0-3.6.s390x", product: { name: "libssh2-devel-1.9.0-3.6.s390x", product_id: "libssh2-devel-1.9.0-3.6.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libssh2-1-1.9.0-3.6.x86_64", product: { name: "libssh2-1-1.9.0-3.6.x86_64", product_id: "libssh2-1-1.9.0-3.6.x86_64", }, }, { category: "product_version", name: "libssh2-1-32bit-1.9.0-3.6.x86_64", product: { name: "libssh2-1-32bit-1.9.0-3.6.x86_64", product_id: "libssh2-1-32bit-1.9.0-3.6.x86_64", }, }, { category: "product_version", name: "libssh2-devel-1.9.0-3.6.x86_64", product: { name: "libssh2-devel-1.9.0-3.6.x86_64", product_id: "libssh2-devel-1.9.0-3.6.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libssh2-1-1.9.0-3.6.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.aarch64", }, product_reference: "libssh2-1-1.9.0-3.6.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libssh2-1-1.9.0-3.6.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.ppc64le", }, product_reference: "libssh2-1-1.9.0-3.6.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libssh2-1-1.9.0-3.6.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.s390x", }, product_reference: "libssh2-1-1.9.0-3.6.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libssh2-1-1.9.0-3.6.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.x86_64", }, product_reference: "libssh2-1-1.9.0-3.6.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libssh2-1-32bit-1.9.0-3.6.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.aarch64", }, product_reference: "libssh2-1-32bit-1.9.0-3.6.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libssh2-1-32bit-1.9.0-3.6.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.ppc64le", }, product_reference: "libssh2-1-32bit-1.9.0-3.6.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libssh2-1-32bit-1.9.0-3.6.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.s390x", }, product_reference: "libssh2-1-32bit-1.9.0-3.6.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libssh2-1-32bit-1.9.0-3.6.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.x86_64", }, product_reference: "libssh2-1-32bit-1.9.0-3.6.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libssh2-devel-1.9.0-3.6.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.aarch64", }, product_reference: "libssh2-devel-1.9.0-3.6.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libssh2-devel-1.9.0-3.6.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.ppc64le", }, product_reference: "libssh2-devel-1.9.0-3.6.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libssh2-devel-1.9.0-3.6.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.s390x", }, product_reference: "libssh2-devel-1.9.0-3.6.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "libssh2-devel-1.9.0-3.6.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.x86_64", }, product_reference: "libssh2-devel-1.9.0-3.6.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2019-17498", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-17498", }, ], notes: [ { category: "general", text: "In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-17498", url: "https://www.suse.com/security/cve/CVE-2019-17498", }, { category: "external", summary: "SUSE Bug 1154862 for CVE-2019-17498", url: "https://bugzilla.suse.com/1154862", }, { category: "external", summary: "SUSE Bug 1171566 for CVE-2019-17498", url: "https://bugzilla.suse.com/1171566", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-17498", }, { cve: "CVE-2019-3855", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-3855", }, ], notes: [ { category: "general", text: "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-3855", url: "https://www.suse.com/security/cve/CVE-2019-3855", }, { category: "external", summary: "SUSE Bug 1128471 for CVE-2019-3855", url: "https://bugzilla.suse.com/1128471", }, { category: "external", summary: "SUSE Bug 1134329 for CVE-2019-3855", url: "https://bugzilla.suse.com/1134329", }, { category: "external", summary: "SUSE Bug 1135434 for CVE-2019-3855", url: "https://bugzilla.suse.com/1135434", }, { category: "external", summary: "SUSE Bug 1141850 for CVE-2019-3855", url: "https://bugzilla.suse.com/1141850", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2019-3855", }, { cve: "CVE-2019-3856", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-3856", }, ], notes: [ { category: "general", text: "An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-3856", url: "https://www.suse.com/security/cve/CVE-2019-3856", }, { category: "external", summary: "SUSE Bug 1128472 for CVE-2019-3856", url: "https://bugzilla.suse.com/1128472", }, { category: "external", summary: "SUSE Bug 1135434 for CVE-2019-3856", url: "https://bugzilla.suse.com/1135434", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2019-3856", }, { cve: "CVE-2019-3857", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-3857", }, ], notes: [ { category: "general", text: "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-3857", url: "https://www.suse.com/security/cve/CVE-2019-3857", }, { category: "external", summary: "SUSE Bug 1128474 for CVE-2019-3857", url: "https://bugzilla.suse.com/1128474", }, { category: "external", summary: "SUSE Bug 1135434 for CVE-2019-3857", url: "https://bugzilla.suse.com/1135434", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2019-3857", }, { cve: "CVE-2019-3858", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-3858", }, ], notes: [ { category: "general", text: "An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-3858", url: "https://www.suse.com/security/cve/CVE-2019-3858", }, { category: "external", summary: "SUSE Bug 1128476 for CVE-2019-3858", url: "https://bugzilla.suse.com/1128476", }, { category: "external", summary: "SUSE Bug 1135434 for CVE-2019-3858", url: "https://bugzilla.suse.com/1135434", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2019-3858", }, { cve: "CVE-2019-3859", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-3859", }, ], notes: [ { category: "general", text: "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-3859", url: "https://www.suse.com/security/cve/CVE-2019-3859", }, { category: "external", summary: "SUSE Bug 1128480 for CVE-2019-3859", url: "https://bugzilla.suse.com/1128480", }, { category: "external", summary: "SUSE Bug 1130103 for CVE-2019-3859", url: "https://bugzilla.suse.com/1130103", }, { category: "external", summary: "SUSE Bug 1135434 for CVE-2019-3859", url: "https://bugzilla.suse.com/1135434", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2019-3859", }, { cve: "CVE-2019-3860", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-3860", }, ], notes: [ { category: "general", text: "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-3860", url: "https://www.suse.com/security/cve/CVE-2019-3860", }, { category: "external", summary: "SUSE Bug 1128481 for CVE-2019-3860", url: "https://bugzilla.suse.com/1128481", }, { category: "external", summary: "SUSE Bug 1135434 for CVE-2019-3860", url: "https://bugzilla.suse.com/1135434", }, { category: "external", summary: "SUSE Bug 1136570 for CVE-2019-3860", url: "https://bugzilla.suse.com/1136570", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2019-3860", }, { cve: "CVE-2019-3861", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-3861", }, ], notes: [ { category: "general", text: "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-3861", url: "https://www.suse.com/security/cve/CVE-2019-3861", }, { category: "external", summary: "SUSE Bug 1128490 for CVE-2019-3861", url: "https://bugzilla.suse.com/1128490", }, { category: "external", summary: "SUSE Bug 1135434 for CVE-2019-3861", url: "https://bugzilla.suse.com/1135434", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2019-3861", }, { cve: "CVE-2019-3862", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-3862", }, ], notes: [ { category: "general", text: "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-3862", url: "https://www.suse.com/security/cve/CVE-2019-3862", }, { category: "external", summary: "SUSE Bug 1128492 for CVE-2019-3862", url: "https://bugzilla.suse.com/1128492", }, { category: "external", summary: "SUSE Bug 1135434 for CVE-2019-3862", url: "https://bugzilla.suse.com/1135434", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2019-3862", }, { cve: "CVE-2019-3863", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-3863", }, ], notes: [ { category: "general", text: "A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-3863", url: "https://www.suse.com/security/cve/CVE-2019-3863", }, { category: "external", summary: "SUSE Bug 1128493 for CVE-2019-3863", url: "https://bugzilla.suse.com/1128493", }, { category: "external", summary: "SUSE Bug 1130103 for CVE-2019-3863", url: "https://bugzilla.suse.com/1130103", }, { category: "external", summary: "SUSE Bug 1135434 for CVE-2019-3863", url: "https://bugzilla.suse.com/1135434", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-1-32bit-1.9.0-3.6.x86_64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.aarch64", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.ppc64le", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.s390x", "openSUSE Tumbleweed:libssh2-devel-1.9.0-3.6.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2019-3863", }, ], }
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.