Name: | libssh2 |
---|---|
Version: | 1.4.3 |
Release: | 12.0.1.el7_6.2 |
Architecture: | aarch64 |
Group: | System Environment/Libraries |
Size: | 370478 |
License: | BSD |
RPM: | libssh2-1.4.3-12.0.1.el7_6.2.aarch64.rpm |
Source RPM: | libssh2-1.4.3-12.0.1.el7_6.2.src.rpm |
Build Date: | Wed Jun 19 2019 |
Build Host: | ca-buildarm04.us.oracle.com |
Vendor: | Oracle America |
URL: | http://www.libssh2.org/ |
Summary: | A library implementing the SSH2 protocol |
Description: | libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS(22), SECSH-USERAUTH(25), SECSH-CONNECTION(23), SECSH-ARCH(20), SECSH-FILEXFER(06)*, SECSH-DHGEX(04), and SECSH-NUMBERS(10). |
- [Orabug: 29909723] Added patch CVE-2019-3862 added length checks to prevent out-of-bounds reads and writes in _libssh2_packet_add()(CVE-2019-3862)
- sanitize public header file (detected by rpmdiff)
- fix integer overflow in keyboard interactive handling that allows out-of-bounds writes (CVE-2019-3863) - fix integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857) - fix integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856) - fix integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)
- session: avoid printing misleading debug messages (#1503294) - scp: send valid commands for remote execution (#1489733)
- use secrects of the appropriate length in Diffie-Hellman (CVE-2016-0787)
- check length of data extracted from the SSH_MSG_KEXINIT packet (CVE-2015-1782)
- curl consumes too much memory during scp download (#1080459) - prevent a not-connected agent from closing STDIN (#1147717)
- Mass rebuild 2014-01-24
- Mass rebuild 2013-12-27
- fix very slow sftp upload to localhost - fix a use after free in channel.c