stable

libssh2-1.8.1-1.fc29

FEDORA-2019-f31c14682f created by pghmcfc 6 years ago for Fedora 29

This update addresses various overflow conditions that could result in possible memory read/write out of bounds errors or zero byte allocations when connected to a malicious server.

Reboot Required
After installing this update it is required that you reboot your system to ensure the changes supplied by this update are applied properly.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2019-f31c14682f

This update has been submitted for testing by pghmcfc.

6 years ago

This update has been pushed to testing.

6 years ago
User Icon bojan commented & provided feedback 6 years ago
karma

Works here.

User Icon bojan commented & provided feedback 6 years ago
karma

Works here.

User Icon besser82 commented & provided feedback 6 years ago
karma

Works great! LGTM! =)

User Icon renault commented & provided feedback 6 years ago
karma

Works fine

This update has been submitted for batched by bodhi.

6 years ago

This update has been submitted for stable by bodhi.

6 years ago

This update has been pushed to stable.

6 years ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
3
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-1
Stable by Karma
3
Stable by Time
disabled
Dates
submitted
6 years ago
in testing
6 years ago
in stable
6 years ago
Builds
1
libssh2-1.8.1-1.fc29
BZ#1687303 CVE-2019-3855 libssh2: Integer overflow in transport read resulting in out of bounds write
0
0
BZ#1687304 CVE-2019-3856 libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write
0
0
BZ#1687305 CVE-2019-3857 libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write
0
0
BZ#1687306 CVE-2019-3858 libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read
0
0
BZ#1687307 CVE-2019-3859 libssh2: Unchecked use of _libssh2_packet_require and _libssh2_packet_requirev resulting in out-of-bounds read
0
0
BZ#1687310 CVE-2019-3860 libssh2: Out-of-bounds reads with specially crafted SFTP packets
0
0
BZ#1687311 CVE-2019-3861 libssh2: Out-of-bounds reads with specially crafted SSH packets
0
0
BZ#1687312 CVE-2019-3862 libssh2: Out-of-bounds memory comparison with specially crafted message channel request
0
0
BZ#1687313 CVE-2019-3863 libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes
0
0
BZ#1690165 libssh2-1.8.1 is available
0
0
BZ#1690408 CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 libssh2: various flaws [fedora-all]
0
0
libssh2-1.8.1-1.fc29

Automated Test Results

Copyright © 2007-2025 Red Hat, Inc. and others.

Running bodhi-server 8.3.0 on bodhi-web-177-rvwvq.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy