libssh2-1.8.0-3.el7
エラータID: AXSA:2019-4034:04
The libssh2 packages provide a library that implements the SSH2 protocol.
The following packages have been upgraded to a later upstream version: libssh2 (1.8.0). (BZ#1592784)
Security Fix(es):
* libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read (CVE-2019-3858)
* libssh2: Out-of-bounds reads with specially crafted SSH packets (CVE-2019-3861)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2019-3858
An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
CVE-2019-3861
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
Update packages.
An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory.
N/A
SRPMS
- libssh2-1.8.0-3.el7.src.rpm
MD5: 9f1fe29dbcbb8f62a84c886127f16eb5
SHA-256: 5a905b7d57e6a9005fc92e3258a805bd5b13a711be7290561c97e3c47a203d5e
Size: 859.29 kB
Asianux Server 7 for x86_64
- libssh2-1.8.0-3.el7.x86_64.rpm
MD5: 194571a3adab3aa03a4f17eee7eeb7f2
SHA-256: 8477f5617709e868930e77298dc3361ad25fe1abe2f54fc17cdb96a0f0b8657e
Size: 86.65 kB - libssh2-1.8.0-3.el7.i686.rpm
MD5: 2930f36589ad9e5eea699b43bbf7b879
SHA-256: ecfe61cb6cf6f9519ef61066ca6994c85fcd7227a675b097cb147fd926a19193
Size: 87.09 kB