OVMSA-2019-0032 - libssh2 security update
| Type: | SECURITY |
| Impact: | IMPORTANT |
| Release Date: | 2019-07-03 |
Description
[1.4.2-3.0.1.el6_10.1]
- [Orabug: 29909723] Added patch CVE-2019-3862. (qing.lin@oracle.com)
Added Additional length checks to prevent out-of-bounds (CVE-2019-3862)
[1.4.2-3.el6_10.1]
- fix integer overflow in keyboard interactive handling that allows out-of-bounds writes (CVE-2019-3863)
- fix integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)
- fix integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)
- fix integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)
- use secrects of the appropriate length in Diffie-Hellman (CVE-2016-0787)
Related CVEs
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|
| Oracle VM 3.3 (x86_64) | libssh2-1.4.2-3.0.1.el6_10.1.src.rpm | 7b2589813c5c363bf11fdb8e6c96db95647f11f8ea35cdf43501eddf1db89439 | - | ovm3_x86_64_3.3_patch |
| libssh2-1.4.2-3.0.1.el6_10.1.x86_64.rpm | 18b8d6200fadeab8640869d5d889467e02c3414c98ab4a3c7b228b860a03f028 | - | ovm3_x86_64_3.3_patch |
|
| Oracle VM 3.4 (x86_64) | libssh2-1.4.2-3.0.1.el6_10.1.src.rpm | 7b2589813c5c363bf11fdb8e6c96db95647f11f8ea35cdf43501eddf1db89439 | - | ovm34_x86_64_latest |
| libssh2-1.4.2-3.0.1.el6_10.1.x86_64.rpm | 18b8d6200fadeab8640869d5d889467e02c3414c98ab4a3c7b228b860a03f028 | - | ovm34_x86_64_latest |
This page is generated automatically and has not been checked for errors or omissions. For clarification
or corrections please contact the Oracle Linux ULN team
