Lucene search

K
oraclelinuxOracleLinuxELSA-2019-2136
HistoryAug 13, 2019 - 12:00 a.m.

libssh2 security, bug fix, and enhancement update

2019-08-1300:00:00
linux.oracle.com
52

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.029 Low

EPSS

Percentile

89.7%

[1.8.0-3]

  • sanitize public header file (detected by rpmdiff)
    [1.8.0-2]
  • fix integer overflow in keyboard interactive handling that allows out-of-bounds writes (CVE-2019-3863)
  • fix out-of-bounds memory comparison with specially crafted message channel request (CVE-2019-3862)
  • fix out-of-bounds reads with specially crafted SSH packets (CVE-2019-3861)
  • fix zero-byte allocation in SFTP packet processing resulting in out-of-bounds read (CVE-2019-3858)
  • fix integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)
  • fix integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)
  • fix integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)
    [1.8.0-1]
  • rebase to 1.8.0 (#1592784)

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.029 Low

EPSS

Percentile

89.7%

Related for ELSA-2019-2136