ELSA-2019-1652

ULN >
Oracle Linux Errata repository >
ELSA-2019-1652

ELSA-2019-1652 - libssh2 security update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2019-07-02

Description

[1.4.2-3.0.1.el6_10.1]
- [Orabug: 29909723] Added patch CVE-2019-3862. (qing.lin@oracle.com)
Added Additional length checks to prevent out-of-bounds (CVE-2019-3862)

[1.4.2-3.el6_10.1]
- fix integer overflow in keyboard interactive handling that allows out-of-bounds writes (CVE-2019-3863)
- fix integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)
- fix integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)
- fix integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)

- use secrects of the appropriate length in Diffie-Hellman (CVE-2016-0787)

Related CVEs

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory

Oracle Linux 6 (i386)	libssh2-1.4.2-3.0.1.el6_10.1.src.rpm	9e6e5697ca6637836cc131fc675d1d6b	-
	libssh2-1.4.2-3.0.1.el6_10.1.i686.rpm	539ad977b353cc4fa8b4933bdd8fad09	-
	libssh2-devel-1.4.2-3.0.1.el6_10.1.i686.rpm	081e70689ddd016819100dfab440c6be	-
	libssh2-docs-1.4.2-3.0.1.el6_10.1.i686.rpm	9544334c0d3104ac64705322a7d787ba	-

Oracle Linux 6 (x86_64)	libssh2-1.4.2-3.0.1.el6_10.1.src.rpm	9e6e5697ca6637836cc131fc675d1d6b	-
	libssh2-1.4.2-3.0.1.el6_10.1.i686.rpm	539ad977b353cc4fa8b4933bdd8fad09	-
	libssh2-1.4.2-3.0.1.el6_10.1.x86_64.rpm	49daaddc44af8c31e320fc6c7e38d9b3	-
	libssh2-devel-1.4.2-3.0.1.el6_10.1.i686.rpm	081e70689ddd016819100dfab440c6be	-
	libssh2-devel-1.4.2-3.0.1.el6_10.1.x86_64.rpm	a662f9d97e15d395b890c77b6d4367bc	-
	libssh2-docs-1.4.2-3.0.1.el6_10.1.x86_64.rpm	4de23e57698fe31da625fa29e0c0457b	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691