libssh2 security update

2019-04-01T19:09:06
ID: CESA-2019:0679
Type: centos
Reporter: CentOS Project
Modified: 2019-04-01T19:09:06

Description

CentOS Errata and Security Advisory CESA-2019:0679

The libssh2 packages provide a library that implements the SSH2 protocol.

Security Fix(es):

  • libssh2: Integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)

  • libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)

  • libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)

  • libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes (CVE-2019-3863)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2019-April/023259.html

Affected packages: libssh2, libssh2-devel, libssh2-docs

Upstream details at: