<div class="container">
<h1>Security update for libssh</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2024:0539-1</td>
</tr>
<tr>
<th>Rating:</th>
<td>important</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1158095">bsc#1158095</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1168699">bsc#1168699</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1174713">bsc#1174713</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1189608">bsc#1189608</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1211188">bsc#1211188</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1211190">bsc#1211190</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1218126">bsc#1218126</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1218186">bsc#1218186</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1218209">bsc#1218209</a>
</li>
<li style="display: inline;">
<a href="https://jira.suse.com/browse/PED-7719">jsc#PED-7719</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2019-14889.html">CVE-2019-14889</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2020-16135.html">CVE-2020-16135</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2020-1730.html">CVE-2020-1730</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2021-3634.html">CVE-2021-3634</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-1667.html">CVE-2023-1667</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-2283.html">CVE-2023-2283</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-48795.html">CVE-2023-48795</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-6004.html">CVE-2023-6004</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-6918.html">CVE-2023-6918</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span class="cvss-reference">CVE-2019-14889</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">7.1</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2019-14889</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">8.8</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2019-14889</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">7.1</span>
<span class="cvss-vector">CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2020-16135</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.9</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2020-16135</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.9</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2020-1730</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.3</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2020-1730</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.3</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2021-3634</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">3.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2021-3634</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-1667</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">4.3</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-1667</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-2283</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">4.8</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-2283</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-48795</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.9</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-48795</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.9</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-6004</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">4.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-6004</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">4.8</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-6918</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">5.3</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-6918</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.3</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Software Development Kit 12 SP5</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves nine vulnerabilities and contains one feature can now be installed.</p>
<h2>Description:</h2>
<p>This update for libssh fixes the following issues:</p>
<p>Update to version 0.9.8 (jsc#PED-7719):</p>
<ul>
<li>Fix CVE-2023-6004: Command injection using proxycommand (bsc#1218209)</li>
<li>Fix CVE-2023-48795: Potential downgrade attack on the SSH transport, mitigated by strict kex (bsc#1218126)</li>
<li>Fix CVE-2023-6918: Missing checks for return values of MD functions (bsc#1218186)</li>
<li>Allow @ in usernames when parsing from URI composes</li>
</ul>
<p>Update to version 0.9.7:</p>
<ul>
<li>Fix CVE-2023-1667: a NULL dereference during rekeying with algorithm
guessing (bsc#1211188)</li>
<li>Fix CVE-2023-2283: a possible authorization bypass in
pki_verify_data_signature under low-memory conditions (bsc#1211190)</li>
<li>Fix several memory leaks in GSSAPI handling code</li>
</ul>
<p>Update to version 0.9.6 (bsc#1189608, CVE-2021-3634):</p>
<ul>
<li>https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.9.6</li>
</ul>
<p>Update to version 0.9.5 (bsc#1174713, CVE-2020-16135):</p>
<ul>
<li>CVE-2020-16135: Avoid null pointer dereference in sftpserver (T232)</li>
<li>Improve handling of library initialization (T222)</li>
<li>Fix parsing of subsecond times in SFTP (T219)</li>
<li>Make the documentation reproducible</li>
<li>Remove deprecated API usage in OpenSSL</li>
<li>Fix regression of ssh_channel_poll_timeout() returning SSH_AGAIN</li>
<li>Define version in one place (T226)</li>
<li>Prevent invalid free when using different C runtimes than OpenSSL (T229)</li>
<li>Compatibility improvements to testsuite </li>
</ul>
<p>Update to version 0.9.4:</p>
<ul>
<li>https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/</li>
<li>Fix possible Denial of Service attack when using AES-CTR ciphers
(CVE-2020-1730, bsc#1168699)</li>
</ul>
<p>Update to version 0.9.3:</p>
<ul>
<li>Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution (bsc#1158095)</li>
<li>SSH-01-003 Client: Missing NULL check leads to crash in erroneous state</li>
<li>SSH-01-006 General: Various unchecked Null-derefs cause DOS</li>
<li>SSH-01-007 PKI Gcrypt: Potential UAF/double free with RSA pubkeys</li>
<li>SSH-01-010 SSH: Deprecated hash function in fingerprinting</li>
<li>SSH-01-013 Conf-Parsing: Recursive wildcards in hostnames lead to DOS</li>
<li>SSH-01-014 Conf-Parsing: Integer underflow leads to OOB array access</li>
<li>SSH-01-001 State Machine: Initial machine states should be set explicitly</li>
<li>SSH-01-002 Kex: Differently bound macros used to iterate same array</li>
<li>SSH-01-005 Code-Quality: Integer sign confusion during assignments</li>
<li>SSH-01-008 SCP: Protocol Injection via unescaped File Names</li>
<li>SSH-01-009 SSH: Update documentation which RFCs are implemented</li>
<li>SSH-01-012 PKI: Information leak via uninitialized stack buffer</li>
</ul>
<p>Update to version 0.9.2:</p>
<ul>
<li>Fixed libssh-config.cmake</li>
<li>Fixed issues with rsa algorithm negotiation (T191)</li>
<li>Fixed detection of OpenSSL ed25519 support (T197)</li>
</ul>
<p>Update to version 0.9.1:</p>
<ul>
<li>Added support for Ed25519 via OpenSSL</li>
<li>Added support for X25519 via OpenSSL</li>
<li>Added support for localuser in Match keyword</li>
<li>Fixed Match keyword to be case sensitive</li>
<li>Fixed compilation with LibreSSL</li>
<li>Fixed error report of channel open (T75)</li>
<li>Fixed sftp documentation (T137)</li>
<li>Fixed known_hosts parsing (T156)</li>
<li>Fixed build issue with MinGW (T157)</li>
<li>Fixed build with gcc 9 (T164)</li>
<li>Fixed deprecation issues (T165)</li>
<li>Fixed known_hosts directory creation (T166)</li>
</ul>
<p>Update to version 0.9.0:</p>
<ul>
<li>Added support for AES-GCM</li>
<li>Added improved rekeying support</li>
<li>Added performance improvements</li>
<li>Disabled blowfish support by default</li>
<li>Fixed several ssh config parsing issues</li>
<li>Added support for DH Group Exchange KEX</li>
<li>Added support for Encrypt-then-MAC mode</li>
<li>Added support for parsing server side configuration file</li>
<li>Added support for ECDSA/Ed25519 certificates</li>
<li>Added FIPS 140-2 compatibility</li>
<li>Improved known_hosts parsing</li>
<li>Improved documentation</li>
<li>
<p>Improved OpenSSL API usage for KEX, DH, and signatures</p>
</li>
<li>
<p>Add libssh client and server config files</p>
</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update, use the SUSE-recommended
installation methods such as YaST online_update or "zypper patch".<br/>
Alternatively, you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Linux Enterprise Software Development Kit 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-539=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-539=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-539=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server for SAP Applications 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-539=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
<ul>
<li>libssh-devel-0.9.8-3.12.2</li>
<li>libssh4-debuginfo-0.9.8-3.12.2</li>
<li>libssh4-0.9.8-3.12.2</li>
<li>libssh-debugsource-0.9.8-3.12.2</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
<ul>
<li>libssh4-debuginfo-0.9.8-3.12.2</li>
<li>libssh-config-0.9.8-3.12.2</li>
<li>libssh4-0.9.8-3.12.2</li>
<li>libssh-debugsource-0.9.8-3.12.2</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
<ul>
<li>libssh4-32bit-0.9.8-3.12.2</li>
<li>libssh4-debuginfo-32bit-0.9.8-3.12.2</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
<ul>
<li>libssh4-debuginfo-0.9.8-3.12.2</li>
<li>libssh-config-0.9.8-3.12.2</li>
<li>libssh4-0.9.8-3.12.2</li>
<li>libssh-debugsource-0.9.8-3.12.2</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
<ul>
<li>libssh4-32bit-0.9.8-3.12.2</li>
<li>libssh4-debuginfo-32bit-0.9.8-3.12.2</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
<ul>
<li>libssh4-debuginfo-0.9.8-3.12.2</li>
<li>libssh-config-0.9.8-3.12.2</li>
<li>libssh4-0.9.8-3.12.2</li>
<li>libssh-debugsource-0.9.8-3.12.2</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
<ul>
<li>libssh4-32bit-0.9.8-3.12.2</li>
<li>libssh4-debuginfo-32bit-0.9.8-3.12.2</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2019-14889.html">https://www.suse.com/security/cve/CVE-2019-14889.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2020-16135.html">https://www.suse.com/security/cve/CVE-2020-16135.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2020-1730.html">https://www.suse.com/security/cve/CVE-2020-1730.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2021-3634.html">https://www.suse.com/security/cve/CVE-2021-3634.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-1667.html">https://www.suse.com/security/cve/CVE-2023-1667.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-2283.html">https://www.suse.com/security/cve/CVE-2023-2283.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-48795.html">https://www.suse.com/security/cve/CVE-2023-48795.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-6004.html">https://www.suse.com/security/cve/CVE-2023-6004.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-6918.html">https://www.suse.com/security/cve/CVE-2023-6918.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1158095">https://bugzilla.suse.com/show_bug.cgi?id=1158095</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1168699">https://bugzilla.suse.com/show_bug.cgi?id=1168699</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1174713">https://bugzilla.suse.com/show_bug.cgi?id=1174713</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1189608">https://bugzilla.suse.com/show_bug.cgi?id=1189608</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1211188">https://bugzilla.suse.com/show_bug.cgi?id=1211188</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1211190">https://bugzilla.suse.com/show_bug.cgi?id=1211190</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1218126">https://bugzilla.suse.com/show_bug.cgi?id=1218126</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1218186">https://bugzilla.suse.com/show_bug.cgi?id=1218186</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1218209">https://bugzilla.suse.com/show_bug.cgi?id=1218209</a>
</li>
<li>
<a href="https://jira.suse.com/browse/PED-7719">https://jira.suse.com/browse/PED-7719</a>
</li>
</ul>
</div>