Oval Definition:oval:com.redhat.rhsa:def:20192136
Revision Date:2019-08-06Version:636
Title:RHSA-2019:2136: libssh2 security, bug fix, and enhancement update (Moderate)
Description:The libssh2 packages provide a library that implements the SSH2 protocol.

  • The following packages have been upgraded to a later upstream version: libssh2 (1.8.0). (BZ#1592784)

    Security Fix(es):

  • libssh2: Zero-byte allocation with a specially crafted SFTP packed leading to an out-of-bounds read (CVE-2019-3858)

  • libssh2: Out-of-bounds reads with specially crafted SSH packets (CVE-2019-3861)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2019-3858
    CVE-2019-3861
    RHSA-2019:2136
    Platform(s):Red Hat Enterprise Linux 7
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • libssh2 is earlier than 0:1.8.0-3.el7
  • AND libssh2 is signed with Red Hat redhatrelease2 key
  • libssh2-devel is earlier than 0:1.8.0-3.el7
  • AND libssh2-devel is signed with Red Hat redhatrelease2 key
  • libssh2-docs is earlier than 0:1.8.0-3.el7
  • AND libssh2-docs is signed with Red Hat redhatrelease2 key
    • BACK