Security update for libssh2_org SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:1290-1 Final 1 1 2019-04-29T06:36:18Z current 2019-04-29T06:36:18Z 2019-04-29T06:36:18Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libssh2_org This update for libssh2_org fixes the following issues: - Incorrect upstream fix for CVE-2019-3859 broke public key authentication [bsc#1133528, bsc#1130103] This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00102.html E-Mail link for openSUSE-SU-2019:1290-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 libssh2-1-1.4.3-19.6.1 libssh2-1-32bit-1.4.3-19.6.1 libssh2-devel-1.4.3-19.6.1 libssh2_org-1.4.3-19.6.1 libssh2-1-1.4.3-19.6.1 as a component of openSUSE Leap 42.3 libssh2-1-32bit-1.4.3-19.6.1 as a component of openSUSE Leap 42.3 libssh2-devel-1.4.3-19.6.1 as a component of openSUSE Leap 42.3 libssh2_org-1.4.3-19.6.1 as a component of openSUSE Leap 42.3 An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. CVE-2019-3859 openSUSE Leap 42.3:libssh2-1-1.4.3-19.6.1 openSUSE Leap 42.3:libssh2-1-32bit-1.4.3-19.6.1 openSUSE Leap 42.3:libssh2-devel-1.4.3-19.6.1 openSUSE Leap 42.3:libssh2_org-1.4.3-19.6.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00102.html https://www.suse.com/security/cve/CVE-2019-3859.html CVE-2019-3859 https://bugzilla.suse.com/1128480 SUSE Bug 1128480 https://bugzilla.suse.com/1130103 SUSE Bug 1130103 https://bugzilla.suse.com/1135434 SUSE Bug 1135434