Synopsis

Important: libssh2 security update

Type/Severity

Security Advisory: Important

Topic

An update for libssh2 is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libssh2 packages provide a library that implements the SSH2 protocol.

Security Fix(es):

• libssh2: Integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)
  
• libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)
  
• libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)
  
• libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes (CVE-2019-3863)
  

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing these updated packages, all running applications using libssh2 must be restarted for this update to take effect.

Affected Products

• Red Hat Enterprise Linux Server 6 x86_64
• Red Hat Enterprise Linux Server 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
• Red Hat Enterprise Linux Workstation 6 x86_64
• Red Hat Enterprise Linux Workstation 6 i386
• Red Hat Enterprise Linux Desktop 6 x86_64
• Red Hat Enterprise Linux Desktop 6 i386
• Red Hat Enterprise Linux for IBM z Systems 6 s390x
• Red Hat Enterprise Linux for Power, big endian 6 ppc64
• Red Hat Enterprise Linux for Scientific Computing 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x

Fixes

• BZ - 1687303 - CVE-2019-3855 libssh2: Integer overflow in transport read resulting in out of bounds write
• BZ - 1687304 - CVE-2019-3856 libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write
• BZ - 1687305 - CVE-2019-3857 libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write
• BZ - 1687313 - CVE-2019-3863 libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes

CVEs

• CVE-2019-3855
• CVE-2019-3856
• CVE-2019-3857
• CVE-2019-3863

References

• https://access.redhat.com/security/updates/classification/#important

Red Hat Enterprise Linux Server 6

SRPM
libssh2-1.4.2-3.el6_10.1.src.rpm	SHA-256: 87a2e6ca44dd3fb2d41fc55c39b3e429230bae4fffbd817626efdd9a23579ed1
x86_64
libssh2-1.4.2-3.el6_10.1.i686.rpm	SHA-256: ac939fe5bc26773d26071855ec90436ffc68cba93076fbaa28d37b702e732358
libssh2-1.4.2-3.el6_10.1.x86_64.rpm	SHA-256: 5ef5e918ee8ca7f328d98d99695ab442f6ca5dd77e10d68910d3bc3c42973e39
libssh2-debuginfo-1.4.2-3.el6_10.1.i686.rpm	SHA-256: cf15d60ac66fbc0ec112530b02331c5a7fd534aaa6edd800e691425f47c1ed2a
libssh2-debuginfo-1.4.2-3.el6_10.1.i686.rpm	SHA-256: cf15d60ac66fbc0ec112530b02331c5a7fd534aaa6edd800e691425f47c1ed2a
libssh2-debuginfo-1.4.2-3.el6_10.1.x86_64.rpm	SHA-256: 37cdc9474699a572775ebee7fc5857db8a6b72bdb5dd0e298c85e356db9c170e
libssh2-debuginfo-1.4.2-3.el6_10.1.x86_64.rpm	SHA-256: 37cdc9474699a572775ebee7fc5857db8a6b72bdb5dd0e298c85e356db9c170e
libssh2-devel-1.4.2-3.el6_10.1.i686.rpm	SHA-256: 3df9bec2ffb839831362451d1bb293213adb4bcb44b2e1851806f96b4dbecfa5
libssh2-devel-1.4.2-3.el6_10.1.x86_64.rpm	SHA-256: dfeeba91b543f94f941386bd7db18e0bda7a99ac1bdbaacc6b2995b65a7e8725
libssh2-docs-1.4.2-3.el6_10.1.x86_64.rpm	SHA-256: a31eb67f47aca28bb7d36c9ebc92c0ef9a9ed59e7b46e1ca64ce402172fbb891
i386
libssh2-1.4.2-3.el6_10.1.i686.rpm	SHA-256: ac939fe5bc26773d26071855ec90436ffc68cba93076fbaa28d37b702e732358
libssh2-debuginfo-1.4.2-3.el6_10.1.i686.rpm	SHA-256: cf15d60ac66fbc0ec112530b02331c5a7fd534aaa6edd800e691425f47c1ed2a
libssh2-debuginfo-1.4.2-3.el6_10.1.i686.rpm	SHA-256: cf15d60ac66fbc0ec112530b02331c5a7fd534aaa6edd800e691425f47c1ed2a
libssh2-devel-1.4.2-3.el6_10.1.i686.rpm	SHA-256: 3df9bec2ffb839831362451d1bb293213adb4bcb44b2e1851806f96b4dbecfa5
libssh2-docs-1.4.2-3.el6_10.1.i686.rpm	SHA-256: fc867ce10060c1b3bd982d9f81bbf64c281dfcaa481d87c9c2d571245740db54

Red Hat Enterprise Linux Server - Extended Life Cycle Support 6

SRPM
libssh2-1.4.2-3.el6_10.1.src.rpm	SHA-256: 87a2e6ca44dd3fb2d41fc55c39b3e429230bae4fffbd817626efdd9a23579ed1
x86_64
libssh2-1.4.2-3.el6_10.1.i686.rpm	SHA-256: ac939fe5bc26773d26071855ec90436ffc68cba93076fbaa28d37b702e732358
libssh2-1.4.2-3.el6_10.1.x86_64.rpm	SHA-256: 5ef5e918ee8ca7f328d98d99695ab442f6ca5dd77e10d68910d3bc3c42973e39
libssh2-debuginfo-1.4.2-3.el6_10.1.i686.rpm	SHA-256: cf15d60ac66fbc0ec112530b02331c5a7fd534aaa6edd800e691425f47c1ed2a
libssh2-debuginfo-1.4.2-3.el6_10.1.i686.rpm	SHA-256: cf15d60ac66fbc0ec112530b02331c5a7fd534aaa6edd800e691425f47c1ed2a
libssh2-debuginfo-1.4.2-3.el6_10.1.x86_64.rpm	SHA-256: 37cdc9474699a572775ebee7fc5857db8a6b72bdb5dd0e298c85e356db9c170e
libssh2-debuginfo-1.4.2-3.el6_10.1.x86_64.rpm	SHA-256: 37cdc9474699a572775ebee7fc5857db8a6b72bdb5dd0e298c85e356db9c170e
libssh2-devel-1.4.2-3.el6_10.1.i686.rpm	SHA-256: 3df9bec2ffb839831362451d1bb293213adb4bcb44b2e1851806f96b4dbecfa5
libssh2-devel-1.4.2-3.el6_10.1.x86_64.rpm	SHA-256: dfeeba91b543f94f941386bd7db18e0bda7a99ac1bdbaacc6b2995b65a7e8725
libssh2-docs-1.4.2-3.el6_10.1.x86_64.rpm	SHA-256: a31eb67f47aca28bb7d36c9ebc92c0ef9a9ed59e7b46e1ca64ce402172fbb891
i386
libssh2-1.4.2-3.el6_10.1.i686.rpm	SHA-256: ac939fe5bc26773d26071855ec90436ffc68cba93076fbaa28d37b702e732358
libssh2-debuginfo-1.4.2-3.el6_10.1.i686.rpm	SHA-256: cf15d60ac66fbc0ec112530b02331c5a7fd534aaa6edd800e691425f47c1ed2a
libssh2-debuginfo-1.4.2-3.el6_10.1.i686.rpm	SHA-256: cf15d60ac66fbc0ec112530b02331c5a7fd534aaa6edd800e691425f47c1ed2a
libssh2-devel-1.4.2-3.el6_10.1.i686.rpm	SHA-256: 3df9bec2ffb839831362451d1bb293213adb4bcb44b2e1851806f96b4dbecfa5
libssh2-docs-1.4.2-3.el6_10.1.i686.rpm	SHA-256: fc867ce10060c1b3bd982d9f81bbf64c281dfcaa481d87c9c2d571245740db54

Red Hat Enterprise Linux Workstation 6

SRPM
libssh2-1.4.2-3.el6_10.1.src.rpm	SHA-256: 87a2e6ca44dd3fb2d41fc55c39b3e429230bae4fffbd817626efdd9a23579ed1
x86_64
libssh2-1.4.2-3.el6_10.1.i686.rpm	SHA-256: ac939fe5bc26773d26071855ec90436ffc68cba93076fbaa28d37b702e732358
libssh2-1.4.2-3.el6_10.1.x86_64.rpm	SHA-256: 5ef5e918ee8ca7f328d98d99695ab442f6ca5dd77e10d68910d3bc3c42973e39
libssh2-debuginfo-1.4.2-3.el6_10.1.i686.rpm	SHA-256: cf15d60ac66fbc0ec112530b02331c5a7fd534aaa6edd800e691425f47c1ed2a
libssh2-debuginfo-1.4.2-3.el6_10.1.i686.rpm	SHA-256: cf15d60ac66fbc0ec112530b02331c5a7fd534aaa6edd800e691425f47c1ed2a
libssh2-debuginfo-1.4.2-3.el6_10.1.x86_64.rpm	SHA-256: 37cdc9474699a572775ebee7fc5857db8a6b72bdb5dd0e298c85e356db9c170e
libssh2-debuginfo-1.4.2-3.el6_10.1.x86_64.rpm	SHA-256: 37cdc9474699a572775ebee7fc5857db8a6b72bdb5dd0e298c85e356db9c170e
libssh2-devel-1.4.2-3.el6_10.1.i686.rpm	SHA-256: 3df9bec2ffb839831362451d1bb293213adb4bcb44b2e1851806f96b4dbecfa5
libssh2-devel-1.4.2-3.el6_10.1.x86_64.rpm	SHA-256: dfeeba91b543f94f941386bd7db18e0bda7a99ac1bdbaacc6b2995b65a7e8725
libssh2-docs-1.4.2-3.el6_10.1.x86_64.rpm	SHA-256: a31eb67f47aca28bb7d36c9ebc92c0ef9a9ed59e7b46e1ca64ce402172fbb891
i386
libssh2-1.4.2-3.el6_10.1.i686.rpm	SHA-256: ac939fe5bc26773d26071855ec90436ffc68cba93076fbaa28d37b702e732358
libssh2-debuginfo-1.4.2-3.el6_10.1.i686.rpm	SHA-256: cf15d60ac66fbc0ec112530b02331c5a7fd534aaa6edd800e691425f47c1ed2a
libssh2-debuginfo-1.4.2-3.el6_10.1.i686.rpm	SHA-256: cf15d60ac66fbc0ec112530b02331c5a7fd534aaa6edd800e691425f47c1ed2a
libssh2-devel-1.4.2-3.el6_10.1.i686.rpm	SHA-256: 3df9bec2ffb839831362451d1bb293213adb4bcb44b2e1851806f96b4dbecfa5
libssh2-docs-1.4.2-3.el6_10.1.i686.rpm	SHA-256: fc867ce10060c1b3bd982d9f81bbf64c281dfcaa481d87c9c2d571245740db54

Red Hat Enterprise Linux Desktop 6

SRPM
libssh2-1.4.2-3.el6_10.1.src.rpm	SHA-256: 87a2e6ca44dd3fb2d41fc55c39b3e429230bae4fffbd817626efdd9a23579ed1
x86_64
libssh2-1.4.2-3.el6_10.1.i686.rpm	SHA-256: ac939fe5bc26773d26071855ec90436ffc68cba93076fbaa28d37b702e732358
libssh2-1.4.2-3.el6_10.1.x86_64.rpm	SHA-256: 5ef5e918ee8ca7f328d98d99695ab442f6ca5dd77e10d68910d3bc3c42973e39
libssh2-debuginfo-1.4.2-3.el6_10.1.i686.rpm	SHA-256: cf15d60ac66fbc0ec112530b02331c5a7fd534aaa6edd800e691425f47c1ed2a
libssh2-debuginfo-1.4.2-3.el6_10.1.i686.rpm	SHA-256: cf15d60ac66fbc0ec112530b02331c5a7fd534aaa6edd800e691425f47c1ed2a
libssh2-debuginfo-1.4.2-3.el6_10.1.x86_64.rpm	SHA-256: 37cdc9474699a572775ebee7fc5857db8a6b72bdb5dd0e298c85e356db9c170e
libssh2-debuginfo-1.4.2-3.el6_10.1.x86_64.rpm	SHA-256: 37cdc9474699a572775ebee7fc5857db8a6b72bdb5dd0e298c85e356db9c170e
libssh2-devel-1.4.2-3.el6_10.1.i686.rpm	SHA-256: 3df9bec2ffb839831362451d1bb293213adb4bcb44b2e1851806f96b4dbecfa5
libssh2-devel-1.4.2-3.el6_10.1.x86_64.rpm	SHA-256: dfeeba91b543f94f941386bd7db18e0bda7a99ac1bdbaacc6b2995b65a7e8725
libssh2-docs-1.4.2-3.el6_10.1.x86_64.rpm	SHA-256: a31eb67f47aca28bb7d36c9ebc92c0ef9a9ed59e7b46e1ca64ce402172fbb891
i386
libssh2-1.4.2-3.el6_10.1.i686.rpm	SHA-256: ac939fe5bc26773d26071855ec90436ffc68cba93076fbaa28d37b702e732358
libssh2-debuginfo-1.4.2-3.el6_10.1.i686.rpm	SHA-256: cf15d60ac66fbc0ec112530b02331c5a7fd534aaa6edd800e691425f47c1ed2a
libssh2-debuginfo-1.4.2-3.el6_10.1.i686.rpm	SHA-256: cf15d60ac66fbc0ec112530b02331c5a7fd534aaa6edd800e691425f47c1ed2a
libssh2-devel-1.4.2-3.el6_10.1.i686.rpm	SHA-256: 3df9bec2ffb839831362451d1bb293213adb4bcb44b2e1851806f96b4dbecfa5
libssh2-docs-1.4.2-3.el6_10.1.i686.rpm	SHA-256: fc867ce10060c1b3bd982d9f81bbf64c281dfcaa481d87c9c2d571245740db54

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
libssh2-1.4.2-3.el6_10.1.src.rpm	SHA-256: 87a2e6ca44dd3fb2d41fc55c39b3e429230bae4fffbd817626efdd9a23579ed1
s390x
libssh2-1.4.2-3.el6_10.1.s390.rpm	SHA-256: fbf97441e59ebed2576bf5d73ecadf516370602eca6d9c9b3447c16b3fd10d21
libssh2-1.4.2-3.el6_10.1.s390x.rpm	SHA-256: 6ddd9cd018a119ac581b2de3e0947c42921e4d99e00d485357fed8da60c30c05
libssh2-debuginfo-1.4.2-3.el6_10.1.s390.rpm	SHA-256: 0ea42a4cd0e53f6708f86e032e310b44a2bd5053bb3d8dea75850c0bc344477f
libssh2-debuginfo-1.4.2-3.el6_10.1.s390.rpm	SHA-256: 0ea42a4cd0e53f6708f86e032e310b44a2bd5053bb3d8dea75850c0bc344477f
libssh2-debuginfo-1.4.2-3.el6_10.1.s390x.rpm	SHA-256: dc979a08805d8dcf123dba064c96ce15df928feb373174abcb0c683acf1c706b
libssh2-debuginfo-1.4.2-3.el6_10.1.s390x.rpm	SHA-256: dc979a08805d8dcf123dba064c96ce15df928feb373174abcb0c683acf1c706b
libssh2-devel-1.4.2-3.el6_10.1.s390.rpm	SHA-256: b1e590b344cdb8f69c66250111f4c11c7237abba08692312b2de0891710fcb77
libssh2-devel-1.4.2-3.el6_10.1.s390x.rpm	SHA-256: 40cdadb6f24f9801d1bf57db2f0247d1edc9af77c6e75203a17646f298932d52
libssh2-docs-1.4.2-3.el6_10.1.s390x.rpm	SHA-256: d271ba043f4e76e5f9b94222395112bedd320e42ba56fac4c1d2994d81a13107

Red Hat Enterprise Linux for Power, big endian 6

SRPM
libssh2-1.4.2-3.el6_10.1.src.rpm	SHA-256: 87a2e6ca44dd3fb2d41fc55c39b3e429230bae4fffbd817626efdd9a23579ed1
ppc64
libssh2-1.4.2-3.el6_10.1.ppc.rpm	SHA-256: 81af2dc3ab67f4f0c208d5a479abda152f5c4625e032ce23bf65f6af5cc1ad46
libssh2-1.4.2-3.el6_10.1.ppc64.rpm	SHA-256: a0f3b5f9340814d930f6d2e662ce21d3ed610b48756d26a398527aedbc031bc2
libssh2-debuginfo-1.4.2-3.el6_10.1.ppc.rpm	SHA-256: 9c7477e3bcbac4591a26a45af56d74cafdd9741c2b59a84a4d18e1750a5ca206
libssh2-debuginfo-1.4.2-3.el6_10.1.ppc.rpm	SHA-256: 9c7477e3bcbac4591a26a45af56d74cafdd9741c2b59a84a4d18e1750a5ca206
libssh2-debuginfo-1.4.2-3.el6_10.1.ppc64.rpm	SHA-256: abb6c1567729ae83a417dd5adbdc939f0853c7c03a3065ac331e01848866d3f5
libssh2-debuginfo-1.4.2-3.el6_10.1.ppc64.rpm	SHA-256: abb6c1567729ae83a417dd5adbdc939f0853c7c03a3065ac331e01848866d3f5
libssh2-devel-1.4.2-3.el6_10.1.ppc.rpm	SHA-256: 61537b0b28953cade8ce75bcf3df3b6103dee678a28bf638dbf524e31acfe210
libssh2-devel-1.4.2-3.el6_10.1.ppc64.rpm	SHA-256: 646fd804ebaf358f25673db055ecbe33044e071afb5076366630788ec9238424
libssh2-docs-1.4.2-3.el6_10.1.ppc64.rpm	SHA-256: 926344e479a9900394ac6228d7a5bacc790148059f75a74b8d8992159d9837a6

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
libssh2-1.4.2-3.el6_10.1.src.rpm	SHA-256: 87a2e6ca44dd3fb2d41fc55c39b3e429230bae4fffbd817626efdd9a23579ed1
x86_64
libssh2-1.4.2-3.el6_10.1.i686.rpm	SHA-256: ac939fe5bc26773d26071855ec90436ffc68cba93076fbaa28d37b702e732358
libssh2-1.4.2-3.el6_10.1.x86_64.rpm	SHA-256: 5ef5e918ee8ca7f328d98d99695ab442f6ca5dd77e10d68910d3bc3c42973e39
libssh2-debuginfo-1.4.2-3.el6_10.1.i686.rpm	SHA-256: cf15d60ac66fbc0ec112530b02331c5a7fd534aaa6edd800e691425f47c1ed2a
libssh2-debuginfo-1.4.2-3.el6_10.1.i686.rpm	SHA-256: cf15d60ac66fbc0ec112530b02331c5a7fd534aaa6edd800e691425f47c1ed2a
libssh2-debuginfo-1.4.2-3.el6_10.1.x86_64.rpm	SHA-256: 37cdc9474699a572775ebee7fc5857db8a6b72bdb5dd0e298c85e356db9c170e
libssh2-debuginfo-1.4.2-3.el6_10.1.x86_64.rpm	SHA-256: 37cdc9474699a572775ebee7fc5857db8a6b72bdb5dd0e298c85e356db9c170e
libssh2-devel-1.4.2-3.el6_10.1.i686.rpm	SHA-256: 3df9bec2ffb839831362451d1bb293213adb4bcb44b2e1851806f96b4dbecfa5
libssh2-devel-1.4.2-3.el6_10.1.x86_64.rpm	SHA-256: dfeeba91b543f94f941386bd7db18e0bda7a99ac1bdbaacc6b2995b65a7e8725
libssh2-docs-1.4.2-3.el6_10.1.x86_64.rpm	SHA-256: a31eb67f47aca28bb7d36c9ebc92c0ef9a9ed59e7b46e1ca64ce402172fbb891

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6

SRPM
libssh2-1.4.2-3.el6_10.1.src.rpm	SHA-256: 87a2e6ca44dd3fb2d41fc55c39b3e429230bae4fffbd817626efdd9a23579ed1
s390x
libssh2-1.4.2-3.el6_10.1.s390.rpm	SHA-256: fbf97441e59ebed2576bf5d73ecadf516370602eca6d9c9b3447c16b3fd10d21
libssh2-1.4.2-3.el6_10.1.s390x.rpm	SHA-256: 6ddd9cd018a119ac581b2de3e0947c42921e4d99e00d485357fed8da60c30c05
libssh2-debuginfo-1.4.2-3.el6_10.1.s390.rpm	SHA-256: 0ea42a4cd0e53f6708f86e032e310b44a2bd5053bb3d8dea75850c0bc344477f
libssh2-debuginfo-1.4.2-3.el6_10.1.s390.rpm	SHA-256: 0ea42a4cd0e53f6708f86e032e310b44a2bd5053bb3d8dea75850c0bc344477f
libssh2-debuginfo-1.4.2-3.el6_10.1.s390x.rpm	SHA-256: dc979a08805d8dcf123dba064c96ce15df928feb373174abcb0c683acf1c706b
libssh2-debuginfo-1.4.2-3.el6_10.1.s390x.rpm	SHA-256: dc979a08805d8dcf123dba064c96ce15df928feb373174abcb0c683acf1c706b
libssh2-devel-1.4.2-3.el6_10.1.s390.rpm	SHA-256: b1e590b344cdb8f69c66250111f4c11c7237abba08692312b2de0891710fcb77
libssh2-devel-1.4.2-3.el6_10.1.s390x.rpm	SHA-256: 40cdadb6f24f9801d1bf57db2f0247d1edc9af77c6e75203a17646f298932d52
libssh2-docs-1.4.2-3.el6_10.1.s390x.rpm	SHA-256: d271ba043f4e76e5f9b94222395112bedd320e42ba56fac4c1d2994d81a13107