Upstream information

CVE-2012-4562 at MITRE

Description

Multiple integer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (infinite loop or crash) and possibly execute arbitrary code via unspecified vectors, which triggers a buffer overflow, infinite loop, or possibly some other unspecified vulnerabilities.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores (National Vulnerability Database)
  Base Score: 7.5
  Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
  Access Vector: Network
  Access Complexity: Low
  Authentication: None
  Confidentiality Impact: Partial
  Integrity Impact: Partial
  Availability Impact: Partial
SUSE Bugzilla entry: 789827 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s): SUSE Linux Enterprise Desktop 11 SP2
Fixed package version(s):
  • libssh2 >= 0.2-5.18.1
References:
  Patchnames: sledsp2-libssh2

Product(s): SUSE Linux Enterprise Software Development Kit 11 SP2
Fixed package version(s):
  • libssh2 >= 0.2-5.18.1
References:
  Patchnames: sdksp2-libssh2

Product(s): SUSE Linux Enterprise Software Development Kit 11 SP4
Fixed package version(s):
  • libssh2 >= 0.2-5.20.1
References:
  Patchnames: SUSE Linux Enterprise Software Development Kit 11 SP4 GA libssh2

Product(s): SUSE Linux Enterprise Desktop 11 SP2, SUSE Linux Enterprise Software Development Kit 11 SP2
Fixed package version(s):
  • libssh2 >= 0.2-5.18.1
References:
  sle11-sp2-sdk.ppc
  sled11-sp2.x86
  sle11-sp2-sdk.s390x
  sled11-sp2.x86-64
  sle11-sp2-sdk.x86-64
  sle11-sp2-sdk.ia64
  sle11-sp2-sdk.x86
  SAT Patch Nr: 7073


Status of this issue by product and package

Product(s) | Source package | State
SUSE Linux Enterprise Desktop 11 SP2 | libssh | Released
SUSE Linux Enterprise SDK 11 SP2 | libssh | Released