FEDORA-2019-9d85600fc7 created by pghmcfc 10 months ago for Fedora 30
stable

A vulnerability was discovered in libssh2 before 1.9.0: kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds write in the way packets are read from the server. A remote attacker who compromises an SSH server may be able to execute code on the client system when a user connects to that server.

This is related to a mistake in _libssh2_check_length, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855.

This update, to the latest current upstream release 1.9.0, addresses this security issue and also includes a number of other bug fixes and enhancements as described in the package changelog.
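The following is an added illustration of the bug class the advisory names, not libssh2's code and not its actual flaw: a packet length check that forms offset + length in 32-bit arithmetic can wrap and accept a bogus length, while the hardened form compares against the remaining space instead. The SSH "string" field layout is real; the function names and the two constructed packets are assumptions for the example.

```c
#include <stdint.h>

/* Constructed illustration of an integer overflow in a packet length check,
 * the bug class the advisory names. The field layout follows the SSH "string"
 * encoding (4-byte big-endian length, then bytes); not libssh2's code. */
typedef int (*len_check_fn)(uint32_t offset, uint32_t claimed, uint32_t total);

/* Unsafe: offset + claimed is computed in uint32_t and can wrap, so a huge
 * claimed length passes and the caller then reads or writes past the buffer. */
int unsafe_check_length(uint32_t offset, uint32_t claimed, uint32_t total)
{
    return offset + claimed <= total;
}

/* Safe: never form the sum; compare against the space that remains. */
int safe_check_length(uint32_t offset, uint32_t claimed, uint32_t total)
{
    if (offset > total)
        return 0;
    return claimed <= total - offset;
}

/* Consume one SSH string field at *offset using the supplied length check.
 * Returns 1 and advances *offset past the field if it fits in the packet, else 0. */
int read_ssh_string(const uint8_t *pkt, uint32_t total, uint32_t *offset,
                    len_check_fn check)
{
    uint32_t pos = *offset, claimed;
    if (!safe_check_length(pos, 4, total)) /* need 4 bytes of length prefix */
        return 0;
    claimed = ((uint32_t)pkt[pos] << 24) | ((uint32_t)pkt[pos + 1] << 16) |
              ((uint32_t)pkt[pos + 2] << 8) | (uint32_t)pkt[pos + 3];
    pos += 4;
    if (!check(pos, claimed, total))       /* the check under discussion */
        return 0;
    *offset = pos + claimed;               /* field body starts at pos */
    return 1;
}

/* Constructed packets: good_packet claims 4 bytes and carries 4; bad_packet
 * claims 0xFFFFFFFC bytes, and 4 + 0xFFFFFFFC wraps to 0 in 32-bit math. */
const uint8_t good_packet[8] = {0x00, 0x00, 0x00, 0x04, 'A', 'B', 'C', 'D'};
const uint8_t bad_packet[8]  = {0xFF, 0xFF, 0xFF, 0xFC, 'A', 'B', 'C', 'D'};
/* Returns 1 if `check` lets the packet's first string field through. */
int parse_with(len_check_fn check, const uint8_t *pkt, uint32_t total)
{
    uint32_t off = 0;
    return read_ssh_string(pkt, total, &off, check);
}
```

With the unsafe check, bad_packet is accepted even though its field would extend about 4 GiB past an 8-byte buffer; the safe check rejects it and still accepts good_packet.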

How to install

sudo dnf upgrade --advisory=FEDORA-2019-9d85600fc7

This update has been submitted for testing by pghmcfc.

10 months ago

This update test gating status has been changed to 'waiting'.

10 months ago

This update test gating status has been changed to 'ignored'.

10 months ago

This update has been pushed to testing.

10 months ago
pwalter commented & provided feedback 10 months ago

Works

This update can be pushed to stable now if the maintainer wishes

10 months ago

This update has been submitted for stable by pghmcfc.

9 months ago

This update has been pushed to stable.

9 months ago


Metadata
Type
security
Severity
medium
Karma
2
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-1
Stable by Karma
3
Dates
submitted
10 months ago
in testing
10 months ago
in stable
9 months ago
BZ#1731324 CVE-2019-13115 libssh2: integer overflow in kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c leads to out-of-bounds write
BZ#1731325 CVE-2019-13115 libssh2: integer overflow in kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c leads to out-of-bounds write [fedora-all]