ELSA-2020-3915

ELSA-2020-3915 - libssh2 security update

Type: SECURITY
Severity: MODERATE
Release Date: 2020-10-06

Description


[1.8.0-4]
- fix integer overflow in SSH_MSG_DISCONNECT logic (CVE-2019-17498)

[1.8.0-3]
- sanitize public header file (detected by rpmdiff)

[1.8.0-2]
- fix integer overflow in keyboard interactive handling that allows out-of-bounds writes (CVE-2019-3863)
- fix out-of-bounds memory comparison with specially crafted message channel request (CVE-2019-3862)
- fix out-of-bounds reads with specially crafted SSH packets (CVE-2019-3861)
- fix zero-byte allocation in SFTP packet processing resulting in out-of-bounds read (CVE-2019-3858)
- fix integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)
- fix integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)
- fix integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)

[1.8.0-1]
- rebase to 1.8.0 (#1592784)


Related CVEs


CVE-2019-17498

Updated Packages


| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|---|---|---|---|
| Oracle Linux 7 (aarch64) | libssh2-1.8.0-4.el7.src.rpm | b742a2247251c82e76e3497c3587d9e5 | - |
| | libssh2-1.8.0-4.el7.aarch64.rpm | 104ab26f4c9f10dd5f94d49e507c180a | - |
| | libssh2-devel-1.8.0-4.el7.aarch64.rpm | 7bc78575c69516a256c2499646e8a2b1 | - |
| | libssh2-docs-1.8.0-4.el7.noarch.rpm | 33469dccdd9e1020ebd5161b4d9d4ef5 | - |
| Oracle Linux 7 (x86_64) | libssh2-1.8.0-4.el7.src.rpm | b742a2247251c82e76e3497c3587d9e5 | - |
| | libssh2-1.8.0-4.el7.i686.rpm | e27da68cdef9918ce6b6ba4cbc978ac9 | - |
| | libssh2-1.8.0-4.el7.x86_64.rpm | 35216b3cf65671d0eb65bbf159a7aca2 | - |
| | libssh2-devel-1.8.0-4.el7.i686.rpm | e7451efaf660b19bca94531840b3a19b | - |
| | libssh2-devel-1.8.0-4.el7.x86_64.rpm | 3f6a55aa2bf1fd3b24686ce5be57d29e | - |
| | libssh2-docs-1.8.0-4.el7.noarch.rpm | 33469dccdd9e1020ebd5161b4d9d4ef5 | - |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.
