openSUSE Security Update: Security update for libssh2_org
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2015:0534-1
Rating:             moderate
References:         #921070
Cross-References:   CVE-2015-1782
Affected Products:
                    openSUSE 13.2
                    openSUSE 13.1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

libssh2_org was updated to version 1.5.0 to fix bugs and a security issue.

Changes in 1.5.0:

Added Windows Cryptography API: Next Generation based backend

Bug fixes:

- Security Advisory: Using `SSH_MSG_KEXINIT` data unbounded, CVE-2015-1782
- missing _libssh2_error in _libssh2_channel_write
- knownhost: Fix DSS keys being detected as unknown.
- knownhost: Restore behaviour of `libssh2_knownhost_writeline` with short buffer.
- libssh2.h: on Windows, a socket is of type SOCKET, not int
- libssh2_priv.h: a 1 bit bit-field should be unsigned
- windows build: do not export externals from static library
- Fixed two potential use-after-frees of the payload buffer
- Fixed a few memory leaks in error paths
- userauth: Fixed an attempt to free from stack on error
- agent_list_identities: Fixed memory leak on OOM
- knownhosts: Abort if the hosts buffer is too small
- sftp_close_handle: ensure the handle is always closed
- channel_close: Close the channel even in the case of errors
- docs: added missing libssh2_session_handshake.3 file
- docs: fixed a bunch of typos
- userauth_password: pass on the underlying error code
- _libssh2_channel_forward_cancel: accessed struct after free
- _libssh2_packet_add: avoid using uninitialized memory
- _libssh2_channel_forward_cancel: avoid memory leaks on error
- _libssh2_channel_write: client spins on write when window full
- windows build: fix build errors
- publickey_packet_receive: avoid junk in returned pointers
- channel_receive_window_adjust: store windows size always
- userauth_hostbased_fromfile: zero assign to avoid uninitialized use
- configure: change LIBS not LDFLAGS when checking for libs
- agent_connect_unix: make sure there's a trailing zero
- MinGW build: Fixed redefine warnings.
- sftpdir.c: added authentication method detection.
- Watcom build: added support for WinCNG build.
- configure.ac: replace AM_CONFIG_HEADER with AC_CONFIG_HEADERS
- sftp_statvfs: fix for servers not supporting statfvs extension
- knownhost.c: use LIBSSH2_FREE macro instead of free
- Fixed compilation using mingw-w64
- knownhost.c: fixed that 'key_type_len' may be used uninitialized
- configure: Display individual crypto backends on separate lines
- examples on Windows: check for WSAStartup return code
- examples on Windows: check for socket return code
- agent.c: check return code of MapViewOfFile
- kex.c: fix possible NULL pointer de-reference with session->kex
- packet.c: fix possible NULL pointer de-reference within listen_state
- tests on Windows: check for WSAStartup return code
- userauth.c: improve readability and clarity of for-loops
- examples on Windows: use native SOCKET-type instead of int
- packet.c: i < 256 was always true and i would overflow to 0
- kex.c: make sure mlist is not set to NULL
- session.c: check return value of session_nonblock in debug mode
- session.c: check return value of session_nonblock during startup
- userauth.c: make sure that sp_len is positive and avoid overflows
- knownhost.c: fix use of uninitialized argument variable wrote
- openssl: initialise the digest context before calling EVP_DigestInit()
- libssh2_agent_init: init ->fd to LIBSSH2_INVALID_SOCKET
- configure.ac: Add zlib to Requires.private in libssh2.pc if using zlib
- configure.ac: Rework crypto library detection
- configure.ac: Reorder --with-* options in --help output
- configure.ac: Call zlib zlib and not libz in text but keep option names
- Fix non-autotools builds: Always define the LIBSSH2_OPENSSL CPP macro
- sftp: seek: Don't flush buffers on same offset
- sftp: statvfs: Along error path, reset the correct 'state' variable.
- sftp: Add support for fsync (OpenSSH extension).
- _libssh2_channel_read: fix data drop when out of window
- comp_method_zlib_decomp: Improve buffer growing algorithm
- _libssh2_channel_read: Honour window_size_initial
- window_size: redid window handling for flow control reasons
- knownhosts: handle unknown key types

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.2:

  zypper in -t patch openSUSE-2015-242=1

- openSUSE 13.1:

  zypper in -t patch openSUSE-2015-242=1

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 13.2 (i586 x86_64):

  libssh2-1-1.5.0-9.4.1
  libssh2-1-debuginfo-1.5.0-9.4.1
  libssh2-devel-1.5.0-9.4.1
  libssh2_org-debugsource-1.5.0-9.4.1

- openSUSE 13.2 (x86_64):

  libssh2-1-32bit-1.5.0-9.4.1
  libssh2-1-debuginfo-32bit-1.5.0-9.4.1

- openSUSE 13.1 (i586 x86_64):

  libssh2-1-1.5.0-7.4.1
  libssh2-1-debuginfo-1.5.0-7.4.1
  libssh2-devel-1.5.0-7.4.1
  libssh2_org-debugsource-1.5.0-7.4.1

- openSUSE 13.1 (x86_64):

  libssh2-1-32bit-1.5.0-7.4.1
  libssh2-1-debuginfo-32bit-1.5.0-7.4.1

References:

http://support.novell.com/security/cve/CVE-2015-1782.html
https://bugzilla.suse.com/921070
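
Checking that the update took effect: the script below is an added example, not part of the original announcement. It compares installed libssh2 packages against the fixed version-release strings from the Package List. The function names are hypothetical, and `sort -V` (GNU coreutils) is assumed as an approximation of RPM's version ordering, which is adequate for the purely numeric versions used here.

```shell
#!/bin/sh
# Added example: audit installed libssh2 packages against this advisory.

# Fixed version-release per product, copied from the Package List.
fixed_release() {
    case "$1" in
        13.2) echo "1.5.0-9.4.1" ;;
        13.1) echo "1.5.0-7.4.1" ;;
        *)    return 1 ;;
    esac
}

# ver_ge A B: succeed when A >= B under sort -V ordering (assumption: this
# matches rpm's ordering for numeric dotted versions such as 1.5.0-9.4.1).
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# audit_libssh2 PRODUCT: read "NAME VERSION-RELEASE" lines on stdin and
# print every libssh2* package older than the fixed build.
# Returns 0 if all are patched, 1 if any is stale, 2 for an unknown product.
audit_libssh2() {
    fixed=$(fixed_release "$1") || { echo "unknown product: $1" >&2; return 2; }
    stale=0
    while read -r name verrel; do
        case "$name" in
            libssh2*) ;;
            *) continue ;;
        esac
        if ! ver_ge "$verrel" "$fixed"; then
            echo "$name $verrel < $fixed"
            stale=1
        fi
    done
    return "$stale"
}

# On a real host, pass the product as the first argument, e.g. "13.2".
if [ "$#" -ge 1 ]; then
    rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'libssh2*' | audit_libssh2 "$1"
fi
```

A non-zero exit status means at least one libssh2 package still predates the fixed build and the patch should be applied.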