Tuesday 19th March 2019
Fedora Project
Updated libssh2 to 1.8.1 in F-28, F-29, F-30 and Rawhide:
Fixed possible integer overflow when reading a specially crafted packet (CVE-2019-3855)
Fixed possible integer overflow in userauth_keyboard_interactive with a number of extremely long prompt strings (CVE-2019-3863)
Fixed possible integer overflow if the server sent an extremely large number of keyboard prompts (CVE-2019-3856)
Fixed possible out-of-bounds read when processing a specially crafted packet (CVE-2019-3861)
Fixed possible integer overflow when receiving a specially crafted exit signal message channel packet (CVE-2019-3857)
Fixed possible out-of-bounds read when receiving a specially crafted exit status message channel packet (CVE-2019-3862)
Fixed possible zero-byte allocation when reading a specially crafted SFTP packet (CVE-2019-3858)
Fixed possible out-of-bounds reads when processing specially crafted SFTP packets (CVE-2019-3860)
Fixed possible out-of-bounds reads in _libssh2_packet_require(v) (CVE-2019-3859)
I added a patch to fix a mis-applied patch in the fix of CVE-2019-3859
Updated perl-Math-Pari to 2.030510 in F-30 and Rawhide
Local Packages
Updated libssh2 to 1.8.1 as per the Fedora version