| Name: | libssh2 |
|---|---|
| Version: | 1.8.0 |
| Release: | 3.el7 |
| Architecture: | x86_64 |
| Group: | System Environment/Libraries |
| Size: | 191512 |
| License: | BSD |
| RPM: | libssh2-1.8.0-3.el7.x86_64.rpm |
| Source RPM: | libssh2-1.8.0-3.el7.src.rpm |
| Build Date: | Sun Jun 09 2019 |
| Build Host: | x86-ol7-builder-01.us.oracle.com |
| Vendor: | Oracle America |
| URL: | http://www.libssh2.org/ |
| Summary: | A library implementing the SSH2 protocol |
| Description: | libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS(22), SECSH-USERAUTH(25), SECSH-CONNECTION(23), SECSH-ARCH(20), SECSH-FILEXFER(06)*, SECSH-DHGEX(04), and SECSH-NUMBERS(10). |
- sanitize public header file (detected by rpmdiff)
- fix integer overflow in keyboard interactive handling that allows out-of-bounds writes (CVE-2019-3863) - fix out-of-bounds memory comparison with specially crafted message channel request (CVE-2019-3862) - fix out-of-bounds reads with specially crafted SSH packets (CVE-2019-3861) - fix zero-byte allocation in SFTP packet processing resulting in out-of-bounds read (CVE-2019-3858) - fix integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857) - fix integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856) - fix integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)
- rebase to 1.8.0 (#1592784)
- session: avoid printing misleading debug messages (#1503294) - scp: send valid commands for remote execution (#1489733)
- use secrects of the appropriate length in Diffie-Hellman (CVE-2016-0787)
- check length of data extracted from the SSH_MSG_KEXINIT packet (CVE-2015-1782)
- curl consumes too much memory during scp download (#1080459) - prevent a not-connected agent from closing STDIN (#1147717)
- Mass rebuild 2014-01-24
- Mass rebuild 2013-12-27
- fix very slow sftp upload to localhost - fix a use after free in channel.c