OVMSA-2019-0032 - libssh2 security update
| Type: | SECURITY |
| Severity: | IMPORTANT |
| Release Date: | 2019-07-03 |
Description
[1.4.2-3.0.1.el6_10.1]
- [Orabug: 29909723] Added patch CVE-2019-3862. (qing.lin@oracle.com)
Added Additional length checks to prevent out-of-bounds (CVE-2019-3862)
[1.4.2-3.el6_10.1]
- fix integer overflow in keyboard interactive handling that allows out-of-bounds writes (CVE-2019-3863)
- fix integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)
- fix integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)
- fix integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)
- use secrects of the appropriate length in Diffie-Hellman (CVE-2016-0787)
Related CVEs
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|
| Oracle VM 3.3 (x86_64) | libssh2-1.4.2-3.0.1.el6_10.1.src.rpm | 9e6e5697ca6637836cc131fc675d1d6b | - |
| libssh2-1.4.2-3.0.1.el6_10.1.x86_64.rpm | 49daaddc44af8c31e320fc6c7e38d9b3 | - |
|
| Oracle VM 3.4 (x86_64) | libssh2-1.4.2-3.0.1.el6_10.1.src.rpm | 9e6e5697ca6637836cc131fc675d1d6b | - |
| libssh2-1.4.2-3.0.1.el6_10.1.x86_64.rpm | 49daaddc44af8c31e320fc6c7e38d9b3 | - |
This page is generated automatically and has not been checked for errors or omissions. For clarification
or corrections please contact the Oracle Linux ULN team
