Vulnerability from csaf_suse
Published
2019-03-19 10:42
Modified
2019-03-19 10:42
Summary
Security update for libssh2_org
Notes
Title of the patch
Security update for libssh2_org
Description of the patch
This update for libssh2_org fixes the following issues:
Security issues fixed:
- CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490).
- CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492).
- CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP packets (bsc#1128481).
- CVE-2019-3863: Fixed an Integer overflow in user authenicate keyboard interactive which could allow out-of-bounds writes
with specially crafted keyboard responses (bsc#1128493).
- CVE-2019-3856: Fixed a potential Integer overflow in keyboard interactive handling which could allow out-of-bounds write
with specially crafted payload (bsc#1128472).
- CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require
and _libssh2_packet_requirev (bsc#1128480).
- CVE-2019-3855: Fixed a potential Integer overflow in transport read which could allow out-of-bounds write with specially
crafted payload (bsc#1128471).
- CVE-2019-3858: Fixed a potential zero-byte allocation which could lead to an out-of-bounds read with a specially crafted
SFTP packet (bsc#1128476).
- CVE-2019-3857: Fixed a potential Integer overflow which could lead to zero-byte allocation and out-of-bounds with specially
crafted message channel request SSH packet (bsc#1128474).
Patchnames
sdksp4-libssh2_org-13982,slessp4-libssh2_org-13982
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for libssh2_org", title: "Title of the patch", }, { category: "description", text: "This update for libssh2_org fixes the following issues:\n\nSecurity issues fixed:\t \n\n- CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490).\n- CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492).\n- CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP packets (bsc#1128481).\n- CVE-2019-3863: Fixed an Integer overflow in user authenicate keyboard interactive which could allow out-of-bounds writes \n with specially crafted keyboard responses (bsc#1128493).\n- CVE-2019-3856: Fixed a potential Integer overflow in keyboard interactive handling which could allow out-of-bounds write \n with specially crafted payload (bsc#1128472).\n- CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require \n and _libssh2_packet_requirev (bsc#1128480).\n- CVE-2019-3855: Fixed a potential Integer overflow in transport read which could allow out-of-bounds write with specially \n crafted payload (bsc#1128471).\n- CVE-2019-3858: Fixed a potential zero-byte allocation which could lead to an out-of-bounds read with a specially crafted \n SFTP packet (bsc#1128476).\n- CVE-2019-3857: Fixed a potential Integer overflow which could lead to zero-byte allocation and out-of-bounds with specially \n crafted message channel request SSH packet (bsc#1128474).\t \n", title: "Description of the patch", }, { category: "details", text: "sdksp4-libssh2_org-13982,slessp4-libssh2_org-13982", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_13982-1.json", }, { category: "self", summary: "URL for SUSE-SU-2019:13982-1", url: "https://www.suse.com/support/update/announcement/2019/suse-su-201913982-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2019:13982-1", url: "https://www.suse.com/support/update/announcement/2019/suse-su-201913982-1.html", }, { category: "self", summary: "SUSE Bug 1128471", url: "https://bugzilla.suse.com/1128471", }, { category: "self", summary: "SUSE Bug 1128472", url: "https://bugzilla.suse.com/1128472", }, { category: "self", summary: "SUSE Bug 1128474", url: "https://bugzilla.suse.com/1128474", }, { category: "self", summary: "SUSE Bug 1128476", url: "https://bugzilla.suse.com/1128476", }, { category: "self", summary: "SUSE Bug 1128480", url: "https://bugzilla.suse.com/1128480", }, { category: "self", summary: "SUSE Bug 1128481", url: "https://bugzilla.suse.com/1128481", }, { category: "self", summary: "SUSE Bug 1128490", url: "https://bugzilla.suse.com/1128490", }, { category: "self", summary: "SUSE Bug 1128492", url: "https://bugzilla.suse.com/1128492", }, { category: "self", summary: "SUSE Bug 1128493", url: "https://bugzilla.suse.com/1128493", }, { category: "self", summary: "SUSE CVE CVE-2019-3855 page", url: "https://www.suse.com/security/cve/CVE-2019-3855/", }, { category: "self", summary: "SUSE CVE CVE-2019-3856 page", url: "https://www.suse.com/security/cve/CVE-2019-3856/", }, { category: "self", summary: "SUSE CVE CVE-2019-3857 page", url: "https://www.suse.com/security/cve/CVE-2019-3857/", }, { category: "self", summary: "SUSE CVE CVE-2019-3858 page", url: "https://www.suse.com/security/cve/CVE-2019-3858/", }, { category: "self", summary: "SUSE CVE CVE-2019-3859 page", url: "https://www.suse.com/security/cve/CVE-2019-3859/", }, { category: "self", summary: "SUSE CVE CVE-2019-3860 page", url: "https://www.suse.com/security/cve/CVE-2019-3860/", }, { category: "self", summary: "SUSE CVE CVE-2019-3861 page", url: "https://www.suse.com/security/cve/CVE-2019-3861/", }, { category: "self", summary: "SUSE CVE CVE-2019-3862 page", url: "https://www.suse.com/security/cve/CVE-2019-3862/", }, { category: "self", summary: "SUSE CVE CVE-2019-3863 page", url: "https://www.suse.com/security/cve/CVE-2019-3863/", }, ], title: "Security update for libssh2_org", tracking: { current_release_date: "2019-03-19T10:42:39Z", generator: { date: "2019-03-19T10:42:39Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2019:13982-1", initial_release_date: "2019-03-19T10:42:39Z", revision_history: [ { date: "2019-03-19T10:42:39Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "libssh2-1-1.4.3-17.3.1.i586", product: { name: "libssh2-1-1.4.3-17.3.1.i586", product_id: "libssh2-1-1.4.3-17.3.1.i586", }, }, { category: "product_version", name: "libssh2-devel-1.4.3-17.3.1.i586", product: { name: "libssh2-devel-1.4.3-17.3.1.i586", product_id: "libssh2-devel-1.4.3-17.3.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "libssh2-1-x86-1.4.3-17.3.1.ia64", product: { name: "libssh2-1-x86-1.4.3-17.3.1.ia64", product_id: "libssh2-1-x86-1.4.3-17.3.1.ia64", }, }, { category: "product_version", name: "libssh2-devel-1.4.3-17.3.1.ia64", product: { name: "libssh2-devel-1.4.3-17.3.1.ia64", product_id: "libssh2-devel-1.4.3-17.3.1.ia64", }, }, { category: "product_version", name: "libssh2-1-1.4.3-17.3.1.ia64", product: { name: "libssh2-1-1.4.3-17.3.1.ia64", product_id: "libssh2-1-1.4.3-17.3.1.ia64", }, }, ], category: "architecture", name: "ia64", }, { branches: [ { category: "product_version", name: "libssh2-1-32bit-1.4.3-17.3.1.ppc64", product: { name: "libssh2-1-32bit-1.4.3-17.3.1.ppc64", product_id: "libssh2-1-32bit-1.4.3-17.3.1.ppc64", }, }, { category: "product_version", name: "libssh2-devel-1.4.3-17.3.1.ppc64", product: { name: "libssh2-devel-1.4.3-17.3.1.ppc64", product_id: "libssh2-devel-1.4.3-17.3.1.ppc64", }, }, { category: "product_version", name: "libssh2-1-1.4.3-17.3.1.ppc64", product: { name: "libssh2-1-1.4.3-17.3.1.ppc64", product_id: "libssh2-1-1.4.3-17.3.1.ppc64", }, }, ], category: "architecture", name: "ppc64", }, { branches: [ { category: "product_version", name: "libssh2-1-32bit-1.4.3-17.3.1.s390x", product: { name: "libssh2-1-32bit-1.4.3-17.3.1.s390x", product_id: "libssh2-1-32bit-1.4.3-17.3.1.s390x", }, }, { category: "product_version", name: "libssh2-devel-1.4.3-17.3.1.s390x", product: { name: "libssh2-devel-1.4.3-17.3.1.s390x", product_id: "libssh2-devel-1.4.3-17.3.1.s390x", }, }, { category: "product_version", name: "libssh2-1-1.4.3-17.3.1.s390x", product: { name: "libssh2-1-1.4.3-17.3.1.s390x", product_id: "libssh2-1-1.4.3-17.3.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libssh2-1-1.4.3-17.3.1.x86_64", product: { name: "libssh2-1-1.4.3-17.3.1.x86_64", product_id: "libssh2-1-1.4.3-17.3.1.x86_64", }, }, { category: "product_version", name: "libssh2-1-32bit-1.4.3-17.3.1.x86_64", product: { name: "libssh2-1-32bit-1.4.3-17.3.1.x86_64", product_id: "libssh2-1-32bit-1.4.3-17.3.1.x86_64", }, }, { category: "product_version", name: "libssh2-devel-1.4.3-17.3.1.x86_64", product: { name: "libssh2-devel-1.4.3-17.3.1.x86_64", product_id: "libssh2-devel-1.4.3-17.3.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Software Development Kit 11 SP4", product: { name: "SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4", product_identification_helper: { cpe: "cpe:/a:suse:sle-sdk:11:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 11 SP4", product: { name: "SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4", product_identification_helper: { cpe: "cpe:/o:suse:suse_sles:11:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", product: { name: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:11:sp4", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libssh2-1-1.4.3-17.3.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586", }, product_reference: "libssh2-1-1.4.3-17.3.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libssh2-1-1.4.3-17.3.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", }, product_reference: "libssh2-1-1.4.3-17.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libssh2-1-32bit-1.4.3-17.3.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64", }, product_reference: "libssh2-1-32bit-1.4.3-17.3.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libssh2-1-32bit-1.4.3-17.3.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x", }, product_reference: "libssh2-1-32bit-1.4.3-17.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libssh2-1-32bit-1.4.3-17.3.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64", }, product_reference: "libssh2-1-32bit-1.4.3-17.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libssh2-1-x86-1.4.3-17.3.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64", }, product_reference: "libssh2-1-x86-1.4.3-17.3.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libssh2-devel-1.4.3-17.3.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586", }, product_reference: "libssh2-devel-1.4.3-17.3.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libssh2-devel-1.4.3-17.3.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64", }, product_reference: "libssh2-devel-1.4.3-17.3.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libssh2-devel-1.4.3-17.3.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64", }, product_reference: "libssh2-devel-1.4.3-17.3.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libssh2-devel-1.4.3-17.3.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x", }, product_reference: "libssh2-devel-1.4.3-17.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libssh2-devel-1.4.3-17.3.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4", product_id: "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64", }, product_reference: "libssh2-devel-1.4.3-17.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Software Development Kit 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libssh2-1-1.4.3-17.3.1.i586 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586", }, product_reference: "libssh2-1-1.4.3-17.3.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libssh2-1-1.4.3-17.3.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", }, product_reference: "libssh2-1-1.4.3-17.3.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libssh2-1-1.4.3-17.3.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", }, product_reference: "libssh2-1-1.4.3-17.3.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libssh2-1-1.4.3-17.3.1.s390x as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", }, product_reference: "libssh2-1-1.4.3-17.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libssh2-1-1.4.3-17.3.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4", product_id: "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", }, product_reference: "libssh2-1-1.4.3-17.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libssh2-1-1.4.3-17.3.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586", }, product_reference: "libssh2-1-1.4.3-17.3.1.i586", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libssh2-1-1.4.3-17.3.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", }, product_reference: "libssh2-1-1.4.3-17.3.1.ia64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libssh2-1-1.4.3-17.3.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", }, product_reference: "libssh2-1-1.4.3-17.3.1.ppc64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libssh2-1-1.4.3-17.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", }, product_reference: "libssh2-1-1.4.3-17.3.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, { category: "default_component_of", full_product_name: { name: "libssh2-1-1.4.3-17.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", }, product_reference: "libssh2-1-1.4.3-17.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 11 SP4", }, ], }, vulnerabilities: [ { cve: "CVE-2019-3855", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-3855", }, ], notes: [ { category: "general", text: "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-3855", url: "https://www.suse.com/security/cve/CVE-2019-3855", }, { category: "external", summary: "SUSE Bug 1128471 for CVE-2019-3855", url: "https://bugzilla.suse.com/1128471", }, { category: "external", summary: "SUSE Bug 1134329 for CVE-2019-3855", url: "https://bugzilla.suse.com/1134329", }, { category: "external", summary: "SUSE Bug 1135434 for CVE-2019-3855", url: "https://bugzilla.suse.com/1135434", }, { category: "external", summary: "SUSE Bug 1141850 for CVE-2019-3855", url: "https://bugzilla.suse.com/1141850", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-03-19T10:42:39Z", details: "low", }, ], title: "CVE-2019-3855", }, { cve: "CVE-2019-3856", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-3856", }, ], notes: [ { category: "general", text: "An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-3856", url: "https://www.suse.com/security/cve/CVE-2019-3856", }, { category: "external", summary: "SUSE Bug 1128472 for CVE-2019-3856", url: "https://bugzilla.suse.com/1128472", }, { category: "external", summary: "SUSE Bug 1135434 for CVE-2019-3856", url: "https://bugzilla.suse.com/1135434", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-03-19T10:42:39Z", details: "low", }, ], title: "CVE-2019-3856", }, { cve: "CVE-2019-3857", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-3857", }, ], notes: [ { category: "general", text: "An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-3857", url: "https://www.suse.com/security/cve/CVE-2019-3857", }, { category: "external", summary: "SUSE Bug 1128474 for CVE-2019-3857", url: "https://bugzilla.suse.com/1128474", }, { category: "external", summary: "SUSE Bug 1135434 for CVE-2019-3857", url: "https://bugzilla.suse.com/1135434", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-03-19T10:42:39Z", details: "low", }, ], title: "CVE-2019-3857", }, { cve: "CVE-2019-3858", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-3858", }, ], notes: [ { category: "general", text: "An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-3858", url: "https://www.suse.com/security/cve/CVE-2019-3858", }, { category: "external", summary: "SUSE Bug 1128476 for CVE-2019-3858", url: "https://bugzilla.suse.com/1128476", }, { category: "external", summary: "SUSE Bug 1135434 for CVE-2019-3858", url: "https://bugzilla.suse.com/1135434", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-03-19T10:42:39Z", details: "moderate", }, ], title: "CVE-2019-3858", }, { cve: "CVE-2019-3859", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-3859", }, ], notes: [ { category: "general", text: "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-3859", url: "https://www.suse.com/security/cve/CVE-2019-3859", }, { category: "external", summary: "SUSE Bug 1128480 for CVE-2019-3859", url: "https://bugzilla.suse.com/1128480", }, { category: "external", summary: "SUSE Bug 1130103 for CVE-2019-3859", url: "https://bugzilla.suse.com/1130103", }, { category: "external", summary: "SUSE Bug 1135434 for CVE-2019-3859", url: "https://bugzilla.suse.com/1135434", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-03-19T10:42:39Z", details: "low", }, ], title: "CVE-2019-3859", }, { cve: "CVE-2019-3860", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-3860", }, ], notes: [ { category: "general", text: "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-3860", url: "https://www.suse.com/security/cve/CVE-2019-3860", }, { category: "external", summary: "SUSE Bug 1128481 for CVE-2019-3860", url: "https://bugzilla.suse.com/1128481", }, { category: "external", summary: "SUSE Bug 1135434 for CVE-2019-3860", url: "https://bugzilla.suse.com/1135434", }, { category: "external", summary: "SUSE Bug 1136570 for CVE-2019-3860", url: "https://bugzilla.suse.com/1136570", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-03-19T10:42:39Z", details: "low", }, ], title: "CVE-2019-3860", }, { cve: "CVE-2019-3861", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-3861", }, ], notes: [ { category: "general", text: "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-3861", url: "https://www.suse.com/security/cve/CVE-2019-3861", }, { category: "external", summary: "SUSE Bug 1128490 for CVE-2019-3861", url: "https://bugzilla.suse.com/1128490", }, { category: "external", summary: "SUSE Bug 1135434 for CVE-2019-3861", url: "https://bugzilla.suse.com/1135434", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-03-19T10:42:39Z", details: "low", }, ], title: "CVE-2019-3861", }, { cve: "CVE-2019-3862", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-3862", }, ], notes: [ { category: "general", text: "An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-3862", url: "https://www.suse.com/security/cve/CVE-2019-3862", }, { category: "external", summary: "SUSE Bug 1128492 for CVE-2019-3862", url: "https://bugzilla.suse.com/1128492", }, { category: "external", summary: "SUSE Bug 1135434 for CVE-2019-3862", url: "https://bugzilla.suse.com/1135434", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-03-19T10:42:39Z", details: "low", }, ], title: "CVE-2019-3862", }, { cve: "CVE-2019-3863", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2019-3863", }, ], notes: [ { category: "general", text: "A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2019-3863", url: "https://www.suse.com/security/cve/CVE-2019-3863", }, { category: "external", summary: "SUSE Bug 1128493 for CVE-2019-3863", url: "https://bugzilla.suse.com/1128493", }, { category: "external", summary: "SUSE Bug 1130103 for CVE-2019-3863", url: "https://bugzilla.suse.com/1130103", }, { category: "external", summary: "SUSE Bug 1135434 for CVE-2019-3863", url: "https://bugzilla.suse.com/1135434", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-32bit-1.4.3-17.3.1.x86_64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-1-x86-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.i586", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ia64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.ppc64", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.s390x", "SUSE Linux Enterprise Software Development Kit 11 SP4:libssh2-devel-1.4.3-17.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-03-19T10:42:39Z", details: "low", }, ], title: "CVE-2019-3863", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.