Synopsis: Moderate: libssh2 security, bug fix, and enhancement update Advisory ID: SLSA-2019:2136-1 Issue Date: 2019-08-06 CVE Numbers: CVE-2019-3861 CVE-2019-3858 -- The following packages have been upgraded to a later upstream version: libssh2 (1.8.0). Security Fix(es): * libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read (CVE-2019-3858) * libssh2: Out-of-bounds reads with specially crafted SSH packets (CVE-2019-3861) -- SL7 x86_64 libssh2-1.8.0-3.el7.x86_64.rpm libssh2-1.8.0-3.el7.i686.rpm libssh2-devel-1.8.0-3.el7.i686.rpm libssh2-docs-1.8.0-3.el7.noarch.rpm libssh2-devel-1.8.0-3.el7.x86_64.rpm libssh2-debuginfo-1.8.0-3.el7.i686.rpm libssh2-debuginfo-1.8.0-3.el7.x86_64.rpm noarch libssh2-docs-1.8.0-3.el7.noarch.rpm - Scientific Linux Development Team