FEDORA-2019-70a9d4f970

security update in Fedora 30 for libssh2

Status: stable 5 months ago

This update addresses various overflow conditions that could result in out-of-bounds memory reads or writes, or zero-byte allocations, when connected to a malicious server.

Reboot Required

After installing this update, you must reboot your system to ensure the changes it supplies are applied properly.

Comments 13

This update has been submitted for testing by pghmcfc.

This update has been pushed to testing.

works for me in a VM

karma: +1

pghmcfc edited this update.

New build(s):

  • libssh2-1.8.2-1.fc30

Removed build(s):

  • libssh2-1.8.1-1.fc30

Karma has been reset.

This update has been submitted for testing by pghmcfc.

This update has been pushed to testing.

works

karma: +1

Basic tests made. Works fine.

karma: +1 critpath: +1

This update has been submitted for batched by bodhi.

This update has been submitted for stable by bodhi.

This update has been pushed to stable.


Content Type: RPM
Status: stable
Test Gating:
Submitted by:
Update Type: security
Update Severity: medium
Karma: +3 (stable threshold: 3, unstable threshold: -1)
Autopush (karma): Enabled
Autopush (time): Disabled
Dates:

  • submitted 6 months ago
  • in testing 6 months ago
  • in stable 5 months ago
  • modified 6 months ago

Related Bugs 12

  • #1687303 CVE-2019-3855 libssh2: Integer overflow in transport read resulting in out of bounds write
  • #1687304 CVE-2019-3856 libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write
  • #1687305 CVE-2019-3857 libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write
  • #1687306 CVE-2019-3858 libssh2: Zero-byte allocation with a specially crafted SFTP packet leading to an out-of-bounds read
  • #1687307 CVE-2019-3859 libssh2: Unchecked use of _libssh2_packet_require and _libssh2_packet_requirev resulting in out-of-bounds read
  • #1687310 CVE-2019-3860 libssh2: Out-of-bounds reads with specially crafted SFTP packets
  • #1687311 CVE-2019-3861 libssh2: Out-of-bounds reads with specially crafted SSH packets
  • #1687312 CVE-2019-3862 libssh2: Out-of-bounds memory comparison with specially crafted message channel request
  • #1687313 CVE-2019-3863 libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes
  • #1690165 libssh2-1.8.1 is available
  • #1690408 CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 libssh2: various flaws [fedora-all]
  • #1692538 libssh2-1.8.2 is available