Date: Mon, 18 Mar 2019 22:42:19 +0100 (CET) From: Daniel Stenberg <daniel@...x.se> To: libssh2 development <libssh2-devel@...l.haxx.se>, oss-security@...ts.openwall.com Subject: [SECURITY ADVISORIES] libssh2 Hello! I'm writing you to announce the release of nine separate security advisories concerning libssh2. All these fixes are also included in the brand new libssh2 1.8.1 release, just shipped and available on https://www.libssh2.org/ CVE-2019-3855 Possible integer overflow in transport read allows out-of-bounds write URL: https://www.libssh2.org/CVE-2019-3855.html Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3855.patch CVE-2019-3856 Possible integer overflow in keyboard interactive handling allows out-of-bounds write URL: https://www.libssh2.org/CVE-2019-3856.html Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3856.patch CVE-2019-3857 Possible integer overflow leading to zero-byte allocation and out-of-bounds write URL: https://www.libssh2.org/CVE-2019-3857.html Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3857.patch CVE-2019-3858 Possible zero-byte allocation leading to an out-of-bounds read URL: https://www.libssh2.org/CVE-2019-3858.html Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3858.patch CVE-2019-3859 Out-of-bounds reads with specially crafted payloads due to unchecked use of `_libssh2_packet_require` and `_libssh2_packet_requirev` URL: https://www.libssh2.org/CVE-2019-3859.html Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3859.patch CVE-2019-3860 Out-of-bounds reads with specially crafted SFTP packets URL: https://www.libssh2.org/CVE-2019-3860.html Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3860.patch CVE-2019-3861 Out-of-bounds reads with specially crafted SSH packets URL: https://www.libssh2.org/CVE-2019-3861.html Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3861.patch CVE-2019-3862 Out-of-bounds memory comparison URL: https://www.libssh2.org/CVE-2019-3862.html Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3862.patch CVE-2019-3863 Integer overflow in user authenicate keyboard interactive allows out-of-bounds writes URL: https://www.libssh2.org/CVE-2019-3863.html Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3863.txt -- / daniel.haxx.se
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.