www.libssh2.org | Daily snapshots | Mailing list archive | Docs | Examples | github

Archive Index This month's Index

Subject: [RELEASE] libssh2 1.8.1

[RELEASE] libssh2 1.8.1

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 18 Mar 2019 22:42:15 +0100 (CET)

Hello!

I'm happy to announce that we have release libssh2 1.8.1. This release is a
pure security release with no less than *nine* security fixes addressed. See
also the separate security announcement following this email.

As always, get it from https://www.libssh2.org/

The changes included in 1.8.1 are:

  o fixed possible integer overflow when reading a specially crafted packet
    (https://www.libssh2.org/CVE-2019-3855.html)
  o fixed possible integer overflow in userauth_keyboard_interactive with a
    number of extremely long prompt strings
    (https://www.libssh2.org/CVE-2019-3863.html)
  o fixed possible integer overflow if the server sent an extremely large
    number of keyboard prompts (https://www.libssh2.org/CVE-2019-3856.html)
  o fixed possible out of bounds read when processing a specially crafted
    packet (https://www.libssh2.org/CVE-2019-3861.html)
  o fixed possible integer overflow when receiving a specially crafted exit
    signal message channel packet (https://www.libssh2.org/CVE-2019-3857.html)
  o fixed possible out of bounds read when receiving a specially crafted exit
    status message channel packet (https://www.libssh2.org/CVE-2019-3862.html)
  o fixed possible zero byte allocation when reading a specially crafted SFTP
    packet (https://www.libssh2.org/CVE-2019-3858.html)
  o fixed possible out of bounds reads when processing specially crafted SFTP
    packets (https://www.libssh2.org/CVE-2019-3860.html)
  o fixed possible out of bounds reads in _libssh2_packet_require(v)
    (https://www.libssh2.org/CVE-2019-3859.html)

-- 
  / daniel.haxx.se
_______________________________________________
libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2019-03-18

the libssh2 team