libssh2-1.4.3-12.el7.3

エラータID: AXSA:2019-3945:03

Release date: 
Monday, August 5, 2019 - 07:54
Subject: 
libssh2-1.4.3-12.el7.3
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

The libssh2 packages provide a library that implements the SSH2 protocol.

Security Fix(es):

* libssh2: Out-of-bounds memory comparison with specially crafted message channel request (CVE-2019-3862)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-3862
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.

Solution: 

Update packages.

CVEs: 
CVE-2019-3862
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
Additional Info: 

N/A

Download: 

SRPMS
  1. libssh2-1.4.3-12.el7.3.src.rpm
    MD5: 1bcbb80497d24cc86671514bfecb13e6
    SHA-256: 256bce12ce1ae40db906cdaf9daa4fd5510e20ec5731371a0cdb6df021fb8acf
    Size: 710.19 kB

Asianux Server 7 for x86_64
  1. libssh2-1.4.3-12.el7.3.x86_64.rpm
    MD5: 418046e259e98fbe73feb1cba9d97884
    SHA-256: 9ecd11d1d78993b0b827c502095afc8da1a624b547e7174bd89202a943b99cd1
    Size: 133.76 kB
  2. libssh2-1.4.3-12.el7.3.i686.rpm
    MD5: 7b7f3ee00293cd9b24f0021e87935cb3
    SHA-256: e0e847f279ac2aaa650c28388f6ec3cf0930d45e2d176e0186a95a3efa70e8ab
    Size: 133.28 kB