www.libssh2.org | Daily snapshots | Mailing list archive | Docs | Examples | github

Archive Index This month's Index

Subject: Re: [RELEASE] libssh2 1.8.1

Re: [RELEASE] libssh2 1.8.1

From: Micka <mickamusset_at_gmail.com>
Date: Wed, 20 Mar 2019 09:16:09 +0100

Hi, when I switch to the version 1.8.1 with libcurl 7.64.1-DEV, I got
this error:

Unable to send userauth-publickey request

When I switch back to the library 1.8.0 with libcurl, it works.

What happen to this new lib of libssh2 ? how can I help to find the error ?

Micka,

On Mon, Mar 18, 2019 at 10:44 PM Daniel Stenberg <daniel_at_haxx.se> wrote:
>
> Hello!
>
> I'm happy to announce that we have release libssh2 1.8.1. This release is a
> pure security release with no less than *nine* security fixes addressed. See
> also the separate security announcement following this email.
>
> As always, get it from https://www.libssh2.org/
>
> The changes included in 1.8.1 are:
>
> o fixed possible integer overflow when reading a specially crafted packet
> (https://www.libssh2.org/CVE-2019-3855.html)
> o fixed possible integer overflow in userauth_keyboard_interactive with a
> number of extremely long prompt strings
> (https://www.libssh2.org/CVE-2019-3863.html)
> o fixed possible integer overflow if the server sent an extremely large
> number of keyboard prompts (https://www.libssh2.org/CVE-2019-3856.html)
> o fixed possible out of bounds read when processing a specially crafted
> packet (https://www.libssh2.org/CVE-2019-3861.html)
> o fixed possible integer overflow when receiving a specially crafted exit
> signal message channel packet (https://www.libssh2.org/CVE-2019-3857.html)
> o fixed possible out of bounds read when receiving a specially crafted exit
> status message channel packet (https://www.libssh2.org/CVE-2019-3862.html)
> o fixed possible zero byte allocation when reading a specially crafted SFTP
> packet (https://www.libssh2.org/CVE-2019-3858.html)
> o fixed possible out of bounds reads when processing specially crafted SFTP
> packets (https://www.libssh2.org/CVE-2019-3860.html)
> o fixed possible out of bounds reads in _libssh2_packet_require(v)
> (https://www.libssh2.org/CVE-2019-3859.html)
>
> --
>
> / daniel.haxx.se
> _______________________________________________
> libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
_______________________________________________
libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2019-03-20

the libssh2 team