Release date:
2026-04-22 13:31:52 UTC
Description:
  * SECURITY UPDATE: integer overflow in transport read allowing
    out-of-bounds write via crafted SSH packet
    - debian/patches/CVE-2019-3855.patch: add packet_length bounds
      check against LIBSSH2_PACKET_MAXPAYLOAD in transport read
    - CVE-2019-3855
  * SECURITY UPDATE: integer overflow in keyboard-interactive handling
    allowing out-of-bounds write via crafted num-prompts value
    - debian/patches/CVE-2019-3856.patch: cap num_prompts at 100 to
      prevent excessive allocation in keyboard-interactive auth
    - CVE-2019-3856
  * SECURITY UPDATE: integer overflow in keyboard-interactive response
    allowing out-of-bounds write via crafted response lengths
    - debian/patches/CVE-2019-3863.patch: add SIZE_MAX overflow check
      in keyboard-interactive response packet length calculation
    - CVE-2019-3863
  * SECURITY UPDATE: out-of-bounds memory access in kex exchange when
    reading malformed data in diffie_hellman_sha1/sha256
    - debian/patches/CVE-2019-13115.patch: add _libssh2_copy_string()
      bounds-checked helper and use it in kex DH group exchange
    - CVE-2019-13115
Updated packages:
- libssh2-1_1.5.0-2ubuntu0.1+tuxcare.els4_amd64.deb
  sha:8ab0ccb2d13eef130dbde65cfaab953b8bb27bcf
- libssh2-1-dev_1.5.0-2ubuntu0.1+tuxcare.els4_amd64.deb
  sha:113cd8526f554f4cdc2d997c5c6e49f6273464a6
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections, please contact the CloudLinux Packaging Team.