Security update for libssh SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2015:1707-2 Final 1 1 2015-10-01T08:51:46Z current 2015-10-01T08:51:46Z 2015-10-01T08:51:46Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libssh The encryption library libssh was updated to fix one security issue. The following vulnerability was fixed: * CVE-2015-3146: Unauthenticated remote attackers could crash the server or client with specially crafted packages. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-DESKTOP-12-2015-660,SUSE-SLE-SDK-12-2015-660 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2015/suse-su-20151707-2/ Link for SUSE-SU-2015:1707-2 https://lists.suse.com/pipermail/sle-security-updates/2015-October/001624.html E-Mail link for SUSE-SU-2015:1707-2 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/928323 SUSE Bug 928323 https://www.suse.com/security/cve/CVE-2015-3146/ SUSE CVE CVE-2015-3146 page SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Software Development Kit 12 libssh4-0.6.3-8.1 libssh-devel-0.6.3-8.1 libssh-devel-doc-0.6.3-8.1 libssh4-0.6.3-8.1 as a component of SUSE Linux Enterprise Desktop 12 libssh-devel-0.6.3-8.1 as a component of SUSE Linux Enterprise Software Development Kit 12 libssh-devel-doc-0.6.3-8.1 as a component of SUSE Linux Enterprise Software Development Kit 12 libssh4-0.6.3-8.1 as a component of SUSE Linux Enterprise Software Development Kit 12 The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted SSH packet. CVE-2015-3146 SUSE Linux Enterprise Desktop 12:libssh4-0.6.3-8.1 SUSE Linux Enterprise Software Development Kit 12:libssh-devel-0.6.3-8.1 SUSE Linux Enterprise Software Development Kit 12:libssh-devel-doc-0.6.3-8.1 SUSE Linux Enterprise Software Development Kit 12:libssh4-0.6.3-8.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151707-2/ https://www.suse.com/security/cve/CVE-2015-3146.html CVE-2015-3146 https://bugzilla.suse.com/928323 SUSE Bug 928323