An updated libssh2 package that fixes two bugs is now available for Red Hat Enterprise Linux 6.
The libssh2 package provides a library that implements the SSH2 protocol.
Previously, an insufficient data type was used for certain bit shift operations in the libssh2 code. This could result in an arithmetic overflow, which caused the curl utility to terminate unexpectedly when downloading files larger than 2 GB over the SFTP protocol. With this update, the underlying code has been modified to use the correct data type and curl now works as expected in the scenario described.
When sending a large amount of data over SSH, libssh2 could, under certain circumstances, fail to resume an interrupted key exchange. Instead of that, further data was erroneously sent, which caused the remote site to close the connection immediately. This update modifies the code of libssh2 so that libssh2 now properly resumes the interrupted key exchange before sending any further data. The connection remains open and the data transfer proceeds as expected.
All users of libssh2 are advised to upgrade to this updated package, which fixes these bugs. After installing this updated package, all running applications using libssh2 have to be restarted for this update to take effect.