oss-sec mailing list archives
[SECURITY ADVISORIES] libssh2
From: Daniel Stenberg <daniel () haxx se>
Date: Mon, 18 Mar 2019 22:42:19 +0100 (CET)
Hello!I'm writing you to announce the release of nine separate security advisories concerning libssh2.
All these fixes are also included in the brand new libssh2 1.8.1 release, just shipped and available on https://www.libssh2.org/
CVE-2019-3855 Possible integer overflow in transport read allows out-of-bounds write URL: https://www.libssh2.org/CVE-2019-3855.html Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3855.patch CVE-2019-3856 Possible integer overflow in keyboard interactive handling allows out-of-bounds write URL: https://www.libssh2.org/CVE-2019-3856.html Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3856.patch CVE-2019-3857 Possible integer overflow leading to zero-byte allocation and out-of-bounds write URL: https://www.libssh2.org/CVE-2019-3857.html Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3857.patch CVE-2019-3858 Possible zero-byte allocation leading to an out-of-bounds read URL: https://www.libssh2.org/CVE-2019-3858.html Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3858.patch CVE-2019-3859 Out-of-bounds reads with specially crafted payloads due to unchecked use of `_libssh2_packet_require` and `_libssh2_packet_requirev` URL: https://www.libssh2.org/CVE-2019-3859.html Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3859.patch CVE-2019-3860 Out-of-bounds reads with specially crafted SFTP packets URL: https://www.libssh2.org/CVE-2019-3860.html Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3860.patch CVE-2019-3861 Out-of-bounds reads with specially crafted SSH packets URL: https://www.libssh2.org/CVE-2019-3861.html Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3861.patch CVE-2019-3862 Out-of-bounds memory comparison URL: https://www.libssh2.org/CVE-2019-3862.html Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3862.patch CVE-2019-3863 Integer overflow in user authenicate keyboard interactive allows out-of-bounds writes URL: https://www.libssh2.org/CVE-2019-3863.html Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3863.txt -- / daniel.haxx.se
Current thread:
- [SECURITY ADVISORIES] libssh2 Daniel Stenberg (Mar 18)
- Re: [SECURITY ADVISORIES] libssh2 Riccardo Schirone (Mar 19)