FEDORA-2019-f31c14682f created by pghmcfc a year ago for Fedora 29
stable

This update addresses various overflow conditions that could result in possible memory read/write out of bounds errors or zero byte allocations when connected to a malicious server.

Reboot Required
After installing this update it is required that you reboot your system to ensure the changes supplied by this update are applied properly.

How to install

sudo dnf upgrade --advisory=FEDORA-2019-f31c14682f

This update has been submitted for testing by pghmcfc.

a year ago

This update has been pushed to testing.

a year ago
User Icon bojan commented & provided feedback a year ago
karma

Works here.

User Icon bojan commented & provided feedback a year ago
karma

Works here.

User Icon besser82 commented & provided feedback a year ago
karma

Works great! LGTM! =)

User Icon renault commented & provided feedback a year ago
karma

Works fine

This update has been submitted for batched by bodhi.

a year ago

This update has been submitted for stable by bodhi.

a year ago

This update has been pushed to stable.

a year ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
3
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-1
Stable by Karma
3
Stable by Time
disabled
Dates
submitted
a year ago
in testing
a year ago
in stable
a year ago
BZ#1687303 CVE-2019-3855 libssh2: Integer overflow in transport read resulting in out of bounds write
0
0
BZ#1687304 CVE-2019-3856 libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write
0
0
BZ#1687305 CVE-2019-3857 libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write
0
0
BZ#1687306 CVE-2019-3858 libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read
0
0
BZ#1687307 CVE-2019-3859 libssh2: Unchecked use of _libssh2_packet_require and _libssh2_packet_requirev resulting in out-of-bounds read
0
0
BZ#1687310 CVE-2019-3860 libssh2: Out-of-bounds reads with specially crafted SFTP packets
0
0
BZ#1687311 CVE-2019-3861 libssh2: Out-of-bounds reads with specially crafted SSH packets
0
0
BZ#1687312 CVE-2019-3862 libssh2: Out-of-bounds memory comparison with specially crafted message channel request
0
0
BZ#1687313 CVE-2019-3863 libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes
0
0
BZ#1690165 libssh2-1.8.1 is available
0
0
BZ#1690408 CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 libssh2: various flaws [fedora-all]
0
0

Automated Test Results