ssh/curl: About the conditions of CVE-2019-3855, CVE-2019-3856, CVE-2019-3857 and CVE-2019-3863

Solution Verified - Updated -

Issue

CVE-2019-3855, CVE-2019-3856, CVE-2019-3857 and CVE-2019-3863 are vulnerabilities in libssh2. Our customer has libssh2 installed, but they don't understand under what conditions these issues occur. Therefore, our customer is worried about whether the 6.6.z AUS fix is necessary for their system.

For example, libssh2 is used by the curl command, libcurl and libguestfs. Is there a vulnerability issue when using the curl command, libcurl and libguestfs? How do we use these to cause this vulnerability issue? For example, does it occur when using certain options of the curl command, etc.? Are there any conditions when using the libcurl or libguestfs interface? Please let us know if there are other conditions that can be mentioned.

Environment

  • Red Hat Enterprise Linux (RHEL) 6
  • SSH
  • curl
  • libguestfs
  • libssh2
