| Name: | libssh2 |
|---|---|
| Version: | 1.8.0 |
| Release: | 4.el7 |
| Architecture: | aarch64 |
| Group: | System Environment/Libraries |
| Size: | 207848 |
| License: | BSD |
| RPM: | libssh2-1.8.0-4.el7.aarch64.rpm |
| Source RPM: | libssh2-1.8.0-4.el7.src.rpm |
| Build Date: | Sun May 24 2020 |
| Build Host: | ca-buildarm03.us.oracle.com |
| Vendor: | Oracle America |
| URL: | http://www.libssh2.org/ |
| Summary: | A library implementing the SSH2 protocol |
| Description: | libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS(22), SECSH-USERAUTH(25), SECSH-CONNECTION(23), SECSH-ARCH(20), SECSH-FILEXFER(06)*, SECSH-DHGEX(04), and SECSH-NUMBERS(10). |
- fix integer overflow in SSH_MSG_DISCONNECT logic (CVE-2019-17498)
- sanitize public header file (detected by rpmdiff)
- fix integer overflow in keyboard interactive handling that allows out-of-bounds writes (CVE-2019-3863) - fix out-of-bounds memory comparison with specially crafted message channel request (CVE-2019-3862) - fix out-of-bounds reads with specially crafted SSH packets (CVE-2019-3861) - fix zero-byte allocation in SFTP packet processing resulting in out-of-bounds read (CVE-2019-3858) - fix integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857) - fix integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856) - fix integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)
- rebase to 1.8.0 (#1592784)
- session: avoid printing misleading debug messages (#1503294) - scp: send valid commands for remote execution (#1489733)
- use secrects of the appropriate length in Diffie-Hellman (CVE-2016-0787)
- check length of data extracted from the SSH_MSG_KEXINIT packet (CVE-2015-1782)
- curl consumes too much memory during scp download (#1080459) - prevent a not-connected agent from closing STDIN (#1147717)
- Mass rebuild 2014-01-24
- Mass rebuild 2013-12-27