Name: | libssh2 |
---|---|
Version: | 1.4.3 |
Release: | 12.0.1.el7_6.3 |
Architecture: | i686 |
Group: | System Environment/Libraries |
Size: | 336454 |
License: | BSD |
RPM: | libssh2-1.4.3-12.0.1.el7_6.3.i686.rpm |
Source RPM: | libssh2-1.4.3-12.0.1.el7_6.3.src.rpm |
Build Date: | Mon Jul 29 2019 |
Build Host: | x86-ol7-builder-03.us.oracle.com |
Vendor: | Oracle America |
URL: | http://www.libssh2.org/ |
Summary: | A library implementing the SSH2 protocol |
Description: | libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS(22), SECSH-USERAUTH(25), SECSH-CONNECTION(23), SECSH-ARCH(20), SECSH-FILEXFER(06)*, SECSH-DHGEX(04), and SECSH-NUMBERS(10). |
- Bump and rebuild.
- fix out-of-bounds memory comparison with specially crafted message channel request (CVE-2019-3862)
- sanitize public header file (detected by rpmdiff)
- fix integer overflow in keyboard interactive handling that allows out-of-bounds writes (CVE-2019-3863) - fix integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857) - fix integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856) - fix integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)
- session: avoid printing misleading debug messages (#1503294) - scp: send valid commands for remote execution (#1489733)
- use secrects of the appropriate length in Diffie-Hellman (CVE-2016-0787)
- check length of data extracted from the SSH_MSG_KEXINIT packet (CVE-2015-1782)
- curl consumes too much memory during scp download (#1080459) - prevent a not-connected agent from closing STDIN (#1147717)
- Mass rebuild 2014-01-24
- Mass rebuild 2013-12-27