796 matches found

IBM Security Bulletins
added 2019/06/27 8:35 a.m., 38 views

Security Bulletin: IBM QRadar Network Security is affected by multiple libssh2 vulnerabilities (CVE-2019-3863, CVE-2019-3857, CVE-2019-3856, CVE-2019-3855)

Summary IBM QRadar Network Security has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2019-3863 DESCRIPTION: libssh2 could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in user authenticate keyboard interactive. By sendi...

9.3 CVSS, 1.8 AI score, 0.16241 EPSS
Exploits: 0, Affected Software: 1
Tenable Nessus
added 2019/06/24 12:0 a.m., 42 views

Oracle Linux 7 : libssh2 (ELSA-2019-4692)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-4692 advisory. 1.4.3-12.0.1.el76.2 - Orabug: 29909723 Added patch CVE-2019-3862 added length checks to prevent out-of-bounds reads and writes in _libssh2_packet_add CVE-2019-3862...

9.1 CVSS, 7.4 AI score, 0.06559 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2019/06/24 12:0 a.m., 34 views

Oracle Linux 6 : libssh2 (ELSA-2019-4693)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-4693 advisory. 1.4.2-2.0.1.el67.1 - Orabug: 29909723 Added patch CVE-2019-3862. Added Additional length checks to prevent out-of-bounds CVE-2019-3862 Tenable has extracted the...

9.1 CVSS, 7.4 AI score, 0.06559 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2019/06/24 12:0 a.m., 29 views

OracleVM 3.4 : libssh2 (OVMSA-2019-0028)

The remote OracleVM system is missing necessary patches to address critical security updates : - Orabug: 29909723 Added patch CVE-2019-3862. Added Additional length checks to prevent out-of-bounds CVE-2019-3862 (C) Tenable Network Security, Inc. The package checks in this plugin were extracted from...

9.1 CVSS, 7.3 AI score, 0.06559 EPSS
Exploits: 0, References: 2
Oracle linux
added 2019/06/20 12:0 a.m., 86 views

libssh2 security update

1.4.2-2.0.1.el67.1 - Orabug: 29909723 Added patch CVE-2019-3862. Added Additional length checks to prevent out-of-bounds CVE-2019-3862...

9.1 CVSS, 1.5 AI score, 0.06559 EPSS
Exploits: 0
Oracle linux
added 2019/06/20 12:0 a.m., 56 views

libssh2 security update

1.4.3-12.0.1.el76.2 - Orabug: 29909723 Added patch CVE-2019-3862 added length checks to prevent out-of-bounds reads and writes in _libssh2_packet_add CVE-2019-3862...

9.1 CVSS, 1.4 AI score, 0.06559 EPSS
Exploits: 0
IBM Security Bulletins
added 2019/05/17 4:5 p.m., 35 views

Security Bulletin: Vulnerabilities in libssh2 affect PowerKVM

Summary PowerKVM is affected by vulnerabilities in libssh2. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2019-3863 DESCRIPTION: libssh2 could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in user authenticate keyboa...

9.3 CVSS, 1.8 AI score, 0.16241 EPSS
Exploits: 0, Affected Software: 1
Tenable Nessus
added 2019/05/15 12:0 a.m., 34 views

Photon OS 1.0: Libssh2 PHSA-2019-1.0-0222

An update of the libssh2 package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-1.0-0222. The text itself is copyright (C) VMware, Inc. include'compat.inc'; if description...

9.1 CVSS, 7.2 AI score, 0.06559 EPSS
Exploits: 0, References: 6
Tenable Nessus
added 2019/05/15 12:0 a.m., 32 views

Photon OS 1.0: Libssh2 PHSA-2019-1.0-0220

An update of the libssh2 package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-1.0-0220. The text itself is copyright (C) VMware, Inc. include"compat.inc"; if description...

9.3 CVSS, 0.16241 EPSS
Exploits: 0, References: 2
RedHat Linux
added 2019/05/14 6:15 p.m., 1 views

libssh2: Integer overflow in transport read resulting in out of bounds write

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from the server. A remote attacker who compromises an SSH server may be able to execute code on the client system when a user connects to the server...

9.3 CVSS, 7.6 AI score, 0.16241 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2019/05/14 6:15 p.m., 1 views

libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes

A flaw was found in libssh2. A server could send multiple keyboard interactive response messages whose total length is greater than the unsigned char max characters. This value is used as an index to copy memory, causing an out of bounds memory write error. The highest threat from this...

8.8 CVSS, 7.3 AI score, 0.08613 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2019/05/14 6:15 p.m., 1 views

libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises an SSH server may be able to execute code on the client system when a user connects to the server...

8.8 CVSS, 7.6 AI score, 0.04756 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2019/05/14 6:15 p.m., 1 views

libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write

An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 in the way keyboard prompt requests are parsed. A remote attacker who compromises an SSH server may be able to execute code on the client system when a user connects to the server...

8.8 CVSS, 7.6 AI score, 0.04601 EPSS
Exploits: 0, References: 5
Tenable Nessus
added 2019/05/14 12:0 a.m., 36 views

EulerOS Virtualization for ARM 64 3.0.1.0 : libssh2 (EulerOS-SA-2019-1393)

According to the versions of the libssh2 package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and...

9.3 CVSS, 7.5 AI score, 0.16241 EPSS
Exploits: 0, References: 6
Tenable Nessus
added 2019/05/14 12:0 a.m., 29 views

EulerOS Virtualization 3.0.1.0 : libssh2 (EulerOS-SA-2019-1429)

According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and...

9.3 CVSS, 7.8 AI score, 0.16241 EPSS
Exploits: 0, References: 12
Tenable Nessus
added 2019/05/10 12:0 a.m., 31 views

EulerOS Virtualization 2.5.3 : libssh2 (EulerOS-SA-2019-1360)

According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An out of bounds read flaw was discovered in libssh2 when a specially crafted SFTP packet is received from the server. A remote...

9.1 CVSS, 7.3 AI score, 0.06559 EPSS
Exploits: 0, References: 6
Tenable Nessus
added 2019/05/10 12:0 a.m., 32 views

EulerOS Virtualization 2.5.3 : libssh2 (EulerOS-SA-2019-1362)

According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from th...

9.3 CVSS, 7.4 AI score, 0.16241 EPSS
Exploits: 0, References: 5
OpenVAS
added 2019/05/07 12:0 a.m., 337 views

Fedora Update for libssh2 FEDORA-2019-f31c14682f

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3 CVSS, 9.3 AI score, 0.16241 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2019/05/02 12:0 a.m., 240 views

Fedora 30 : libssh2 (2019-70a9d4f970)

This update addresses various overflow conditions that could result in possible memory read/write out of bounds errors or zero byte allocations when connected to a malicious server. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update...

9.3 CVSS, 7.4 AI score, 0.16241 EPSS
Exploits: 0, References: 10
Tenable Nessus
added 2019/05/01 12:0 a.m., 43 views

EulerOS 2.0 SP3 : libssh2 (EulerOS-SA-2019-1309)

According to the versions of the libssh2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An out of bounds read flaw was discovered in libssh2 when a specially crafted SFTP packet is received from the server. A remote attacker who...

9.3 CVSS, 7.7 AI score, 0.16241 EPSS
Exploits: 0, References: 10