FEDORA-2019-70a9d4f970 created by pghmcfc 9 months ago for Fedora 30
stable

This update addresses various overflow conditions that could result in possible memory read/write out of bounds errors or zero byte allocations when connected to a malicious server.

Reboot Required
After installing this update it is required that you reboot your system to ensure the changes supplied by this update are applied properly.

How to install

sudo dnf upgrade --advisory=FEDORA-2019-70a9d4f970

This update has been submitted for testing by pghmcfc.

9 months ago

This update has been pushed to testing.

9 months ago
User Icon danniel commented & provided feedback 9 months ago
karma

works

User Icon cserpentis commented & provided feedback 9 months ago
karma

works for me in a VM

pghmcfc edited this update.

New build(s):

  • libssh2-1.8.2-1.fc30

Removed build(s):

  • libssh2-1.8.1-1.fc30

Karma has been reset.

9 months ago

This update has been submitted for testing by pghmcfc.

9 months ago

This update has been pushed to testing.

9 months ago
User Icon pwalter commented & provided feedback 9 months ago
karma

Works

User Icon nb commented & provided feedback 8 months ago
karma

works

User Icon kuosmanen commented & provided feedback 8 months ago
karma

Basic tests made. Works fine.

This update has been submitted for batched by bodhi.

8 months ago

This update has been submitted for stable by bodhi.

8 months ago

This update has been pushed to stable.

8 months ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
3
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-1
Stable by Karma
3
Dates
submitted
9 months ago
in testing
9 months ago
in stable
8 months ago
modified
9 months ago
BZ#1687303 CVE-2019-3855 libssh2: Integer overflow in transport read resulting in out of bounds write
0
0
BZ#1687304 CVE-2019-3856 libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write
0
0
BZ#1687305 CVE-2019-3857 libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write
0
0
BZ#1687306 CVE-2019-3858 libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read
0
0
BZ#1687307 CVE-2019-3859 libssh2: Unchecked use of _libssh2_packet_require and _libssh2_packet_requirev resulting in out-of-bounds read
0
0
BZ#1687310 CVE-2019-3860 libssh2: Out-of-bounds reads with specially crafted SFTP packets
0
0
BZ#1687311 CVE-2019-3861 libssh2: Out-of-bounds reads with specially crafted SSH packets
0
0
BZ#1687312 CVE-2019-3862 libssh2: Out-of-bounds memory comparison with specially crafted message channel request
0
0
BZ#1687313 CVE-2019-3863 libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes
0
0
BZ#1690165 libssh2-1.8.1 is available
0
0
BZ#1690408 CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 libssh2: various flaws [fedora-all]
0
0
BZ#1692538 libssh2-1.8.2 is available
0
0

Automated Test Results