LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

Synopsis:          Important: libssh2 security update
Advisory ID:       SLSA-2019:0679-1
Issue Date:        2019-03-28
CVE Numbers:       CVE-2019-3855
                   CVE-2019-3856
                   CVE-2019-3857
                   CVE-2019-3863
--

Security Fix(es):

* libssh2: Integer overflow in transport read resulting in out of bounds
write (CVE-2019-3855)

* libssh2: Integer overflow in keyboard interactive handling resulting in
out of bounds write (CVE-2019-3856)

* libssh2: Integer overflow in SSH packet processing channel resulting in
out of bounds write (CVE-2019-3857)

* libssh2: Integer overflow in user authenticate keyboard interactive
allows out-of-bounds writes (CVE-2019-3863)
--

SL7
  x86_64
    libssh2-1.4.3-12.el7_6.2.i686.rpm
    libssh2-1.4.3-12.el7_6.2.x86_64.rpm
    libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm
    libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm
    libssh2-devel-1.4.3-12.el7_6.2.i686.rpm
    libssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm
    libssh2-1.4.3-12.el7_6.2.src.rpm
  noarch
    libssh2-docs-1.4.3-12.el7_6.2.noarch.rpm

- Scientific Linux Development Team