ELSA-2019-1652

ELSA-2019-1652 - libssh2 security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2019-07-02

Description

[1.4.2-3.0.1.el6_10.1]
- [Orabug: 29909723] Added patch CVE-2019-3862. (qing.lin@oracle.com)
Added Additional length checks to prevent out-of-bounds (CVE-2019-3862)

[1.4.2-3.el6_10.1]
- fix integer overflow in keyboard interactive handling that allows out-of-bounds writes (CVE-2019-3863)
- fix integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)
- fix integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)
- fix integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)

- use secrects of the appropriate length in Diffie-Hellman (CVE-2016-0787)

Related CVEs

CVE-2019-3857

CVE-2019-3856

CVE-2019-3855

CVE-2019-3863

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 6 (i386)	libssh2-1.4.2-3.0.1.el6_10.1.src.rpm	7b2589813c5c363bf11fdb8e6c96db95647f11f8ea35cdf43501eddf1db89439	-	ol6_i386_latest
	libssh2-1.4.2-3.0.1.el6_10.1.src.rpm	7b2589813c5c363bf11fdb8e6c96db95647f11f8ea35cdf43501eddf1db89439	-	ol6_u10_i386_patch
	libssh2-1.4.2-3.0.1.el6_10.1.i686.rpm	37e846caed9afc2eea9590a96adfc3b4ab2f739383c1d8c5ef40ae7520f043f3	-	ol6_i386_latest
	libssh2-1.4.2-3.0.1.el6_10.1.i686.rpm	37e846caed9afc2eea9590a96adfc3b4ab2f739383c1d8c5ef40ae7520f043f3	-	ol6_u10_i386_patch
	libssh2-devel-1.4.2-3.0.1.el6_10.1.i686.rpm	abd02dafbecd8be64adf9b4cc77c0edd767c9e7ef8c6a1785555316bc69dfb1f	-	ol6_i386_latest
	libssh2-devel-1.4.2-3.0.1.el6_10.1.i686.rpm	abd02dafbecd8be64adf9b4cc77c0edd767c9e7ef8c6a1785555316bc69dfb1f	-	ol6_u10_i386_patch
	libssh2-docs-1.4.2-3.0.1.el6_10.1.i686.rpm	dd769f3e2498b57eb3b6c64d12c1842d3a3172226f4cee571d217e7f19ab97e9	-	ol6_i386_latest
	libssh2-docs-1.4.2-3.0.1.el6_10.1.i686.rpm	dd769f3e2498b57eb3b6c64d12c1842d3a3172226f4cee571d217e7f19ab97e9	-	ol6_u10_i386_patch
Oracle Linux 6 (x86_64)	libssh2-1.4.2-3.0.1.el6_10.1.src.rpm	7b2589813c5c363bf11fdb8e6c96db95647f11f8ea35cdf43501eddf1db89439	-	ol6_u10_x86_64_patch
	libssh2-1.4.2-3.0.1.el6_10.1.src.rpm	7b2589813c5c363bf11fdb8e6c96db95647f11f8ea35cdf43501eddf1db89439	-	ol6_x86_64_latest
	libssh2-1.4.2-3.0.1.el6_10.1.i686.rpm	37e846caed9afc2eea9590a96adfc3b4ab2f739383c1d8c5ef40ae7520f043f3	-	ol6_u10_x86_64_patch
	libssh2-1.4.2-3.0.1.el6_10.1.i686.rpm	37e846caed9afc2eea9590a96adfc3b4ab2f739383c1d8c5ef40ae7520f043f3	-	ol6_x86_64_latest
	libssh2-1.4.2-3.0.1.el6_10.1.x86_64.rpm	18b8d6200fadeab8640869d5d889467e02c3414c98ab4a3c7b228b860a03f028	-	exadata_dbserver_18.1.18.0.0_x86_64_base
	libssh2-1.4.2-3.0.1.el6_10.1.x86_64.rpm	18b8d6200fadeab8640869d5d889467e02c3414c98ab4a3c7b228b860a03f028	-	exadata_dbserver_18.1.19.0.0_x86_64_base
	libssh2-1.4.2-3.0.1.el6_10.1.x86_64.rpm	18b8d6200fadeab8640869d5d889467e02c3414c98ab4a3c7b228b860a03f028	-	exadata_dbserver_18.1.20.0.0_x86_64_base
	libssh2-1.4.2-3.0.1.el6_10.1.x86_64.rpm	18b8d6200fadeab8640869d5d889467e02c3414c98ab4a3c7b228b860a03f028	-	exadata_dbserver_18.1.21.0.0_x86_64_base
	libssh2-1.4.2-3.0.1.el6_10.1.x86_64.rpm	18b8d6200fadeab8640869d5d889467e02c3414c98ab4a3c7b228b860a03f028	-	exadata_dbserver_18.1.22.0.0_x86_64_base
	libssh2-1.4.2-3.0.1.el6_10.1.x86_64.rpm	18b8d6200fadeab8640869d5d889467e02c3414c98ab4a3c7b228b860a03f028	-	exadata_dbserver_18.1.23.0.0_x86_64_base
	libssh2-1.4.2-3.0.1.el6_10.1.x86_64.rpm	18b8d6200fadeab8640869d5d889467e02c3414c98ab4a3c7b228b860a03f028	-	exadata_dbserver_18.1.25.0.0_x86_64_base
	libssh2-1.4.2-3.0.1.el6_10.1.x86_64.rpm	18b8d6200fadeab8640869d5d889467e02c3414c98ab4a3c7b228b860a03f028	-	exadata_dbserver_18.1.26.0.0_x86_64_base
	libssh2-1.4.2-3.0.1.el6_10.1.x86_64.rpm	18b8d6200fadeab8640869d5d889467e02c3414c98ab4a3c7b228b860a03f028	-	exadata_dbserver_18.1.27.0.0_x86_64_base
	libssh2-1.4.2-3.0.1.el6_10.1.x86_64.rpm	18b8d6200fadeab8640869d5d889467e02c3414c98ab4a3c7b228b860a03f028	-	exadata_dbserver_18.1.28.0.0_x86_64_base
	libssh2-1.4.2-3.0.1.el6_10.1.x86_64.rpm	18b8d6200fadeab8640869d5d889467e02c3414c98ab4a3c7b228b860a03f028	-	exadata_dbserver_18.1.29.0.0_x86_64_base
	libssh2-1.4.2-3.0.1.el6_10.1.x86_64.rpm	18b8d6200fadeab8640869d5d889467e02c3414c98ab4a3c7b228b860a03f028	-	exadata_dbserver_18.1.30.0.0_x86_64_base
	libssh2-1.4.2-3.0.1.el6_10.1.x86_64.rpm	18b8d6200fadeab8640869d5d889467e02c3414c98ab4a3c7b228b860a03f028	-	exadata_dbserver_18.1.31.0.0_x86_64_base
	libssh2-1.4.2-3.0.1.el6_10.1.x86_64.rpm	18b8d6200fadeab8640869d5d889467e02c3414c98ab4a3c7b228b860a03f028	-	exadata_dbserver_18.1.32.0.0_x86_64_base
	libssh2-1.4.2-3.0.1.el6_10.1.x86_64.rpm	18b8d6200fadeab8640869d5d889467e02c3414c98ab4a3c7b228b860a03f028	-	exadata_dbserver_18.1.33.0.0_x86_64_base
	libssh2-1.4.2-3.0.1.el6_10.1.x86_64.rpm	18b8d6200fadeab8640869d5d889467e02c3414c98ab4a3c7b228b860a03f028	-	exadata_dbserver_18.1.34.0.0_x86_64_base
	libssh2-1.4.2-3.0.1.el6_10.1.x86_64.rpm	18b8d6200fadeab8640869d5d889467e02c3414c98ab4a3c7b228b860a03f028	-	ol6_u10_x86_64_patch
	libssh2-1.4.2-3.0.1.el6_10.1.x86_64.rpm	18b8d6200fadeab8640869d5d889467e02c3414c98ab4a3c7b228b860a03f028	-	ol6_x86_64_latest
	libssh2-devel-1.4.2-3.0.1.el6_10.1.i686.rpm	abd02dafbecd8be64adf9b4cc77c0edd767c9e7ef8c6a1785555316bc69dfb1f	-	ol6_u10_x86_64_patch
	libssh2-devel-1.4.2-3.0.1.el6_10.1.i686.rpm	abd02dafbecd8be64adf9b4cc77c0edd767c9e7ef8c6a1785555316bc69dfb1f	-	ol6_x86_64_latest
	libssh2-devel-1.4.2-3.0.1.el6_10.1.x86_64.rpm	fd92291b474ec6f57a9462f1e4cbf61aa8de0010de4b215cab88df03fccd677a	-	ol6_u10_x86_64_patch
	libssh2-devel-1.4.2-3.0.1.el6_10.1.x86_64.rpm	fd92291b474ec6f57a9462f1e4cbf61aa8de0010de4b215cab88df03fccd677a	-	ol6_x86_64_latest
	libssh2-docs-1.4.2-3.0.1.el6_10.1.x86_64.rpm	3b9267fd17b6110123b90dbc6262ecaae2d5942494d12e0c84a0e35e29c60cb9	-	ol6_u10_x86_64_patch
	libssh2-docs-1.4.2-3.0.1.el6_10.1.x86_64.rpm	3b9267fd17b6110123b90dbc6262ecaae2d5942494d12e0c84a0e35e29c60cb9	-	ol6_x86_64_latest

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team