Scientific Linux alert SLSA-2019:1652-1 (libssh2)


From:
               Farhan Ahmed <fahmed@fnal.gov> 
To:
               <scientific-linux-errata@listserv.fnal.gov> 
Subject:
               Security ERRATA Important: libssh2 on SL6.x i386/x86_64 
Date:
               Tue, 2 Jul 2019 15:12:16 +0000
Message-ID:
               <20190702151216.5784.96771@slpackages.fnal.gov>
Synopsis: Important: libssh2 security update
Advisory ID:       SLSA-2019:1652-1
Issue Date:        2019-07-02
CVE Numbers:       CVE-2019-3855
                   CVE-2019-3856
                   CVE-2019-3857
                   CVE-2019-3863
--

Security Fix(es):

* libssh2: Integer overflow in transport read resulting in out of bounds
write (CVE-2019-3855)

* libssh2: Integer overflow in keyboard interactive handling resulting in
out of bounds write (CVE-2019-3856)

* libssh2: Integer overflow in SSH packet processing channel resulting in
out of bounds write (CVE-2019-3857)

* libssh2: Integer overflow in user authenticate keyboard interactive
allows out-of-bounds writes (CVE-2019-3863)
--

SL6
  x86_64
    libssh2-1.4.2-3.el6_10.1.i686.rpm
    libssh2-1.4.2-3.el6_10.1.x86_64.rpm
    libssh2-debuginfo-1.4.2-3.el6_10.1.i686.rpm
    libssh2-debuginfo-1.4.2-3.el6_10.1.x86_64.rpm
    libssh2-devel-1.4.2-3.el6_10.1.i686.rpm
    libssh2-devel-1.4.2-3.el6_10.1.x86_64.rpm
    libssh2-docs-1.4.2-3.el6_10.1.x86_64.rpm
  i386
    libssh2-1.4.2-3.el6_10.1.i686.rpm
    libssh2-debuginfo-1.4.2-3.el6_10.1.i686.rpm
    libssh2-devel-1.4.2-3.el6_10.1.i686.rpm
    libssh2-docs-1.4.2-3.el6_10.1.i686.rpm

- Scientific Linux Development Team

From:		Farhan Ahmed <fahmed@fnal.gov>
To:		<scientific-linux-errata@listserv.fnal.gov>
Subject:		Security ERRATA Important: libssh2 on SL6.x i386/x86_64
Date:		Tue, 2 Jul 2019 15:12:16 +0000
Message-ID:		<20190702151216.5784.96771@slpackages.fnal.gov>