SUSE-SU-2024:0543-1

Import Source

JSON Data

https://api.osv.dev/v1/vulns/SUSE-SU-2024:0543-1

Related

Published

2024-02-20T15:04:50Z

Modified

2024-02-20T15:04:50Z

Summary

Security update for libssh2_org

Details

This update for libssh2_org fixes the following issues:

Always add the KEX pseudo-methods 'ext-info-c' and 'kex-strict-c-v00@openssh.com' when configuring custom method list. [bsc#1218971, CVE-2023-48795]
- The strict-kex extension is announced in the list of available KEX methods. However, when the default KEX method list is modified or replaced, the extension is not added back automatically.

References

Affected packages

Name: libssh2_org
Purl: purl:rpm/suse/libssh2_org&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.11.0-29.12.1

{
    "binaries": [
        {
            "libssh2-devel": "1.11.0-29.12.1"
        }
    ]
}

Name: libssh2_org
Purl: purl:rpm/suse/libssh2_org&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.11.0-29.12.1

{
    "binaries": [
        {
            "libssh2-1": "1.11.0-29.12.1",
            "libssh2-1-32bit": "1.11.0-29.12.1"
        }
    ]
}

Name: libssh2_org
Purl: purl:rpm/suse/libssh2_org&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.11.0-29.12.1

{
    "binaries": [
        {
            "libssh2-1": "1.11.0-29.12.1",
            "libssh2-1-32bit": "1.11.0-29.12.1"
        }
    ]
}