PaulHowarth/Blog/2019-06-20

Thursday 20th June 2019

Fedora Project

  • Updated libssh2 to 1.9.0 in Rawhide:

    • Fixed integer overflow leading to out-of-bounds read (CVE-2019-13115)
    • Adds ECDSA key and host key support when using OpenSSL
    • Adds ED25519 key and host key support when using OpenSSL 1.1.1
    • Adds OpenSSH-style key file reading
    • Adds AES CTR mode support when using WinCNG
    • Adds support for passphrase-protected PEM files with libgcrypt and WinCNG
    • Adds SHA256 hostkey fingerprint
    • Adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path()
    • Adds explicit zeroing of sensitive data in memory
    • Adds additional bounds checks to network buffer reads
    • Adds the ability to use the server default permissions when creating sftp directories
    • Adds support for building with the OpenSSL no-engine flag
    • Adds support for building with LibreSSL
    • Increased sftp packet size to 256k
    • Fixed oversized packet handling in sftp
    • Fixed building with OpenSSL 1.1
    • Fixed a possible crash if sftp stat gets an unexpected response
    • Fixed incorrect parsing of the KEX preference string value
    • Fixed conditional RSA and AES-CTR support
    • Fixed a small memory leak during the key exchange process
    • Fixed a possible memory leak of the ssh banner string
    • Fixed various small memory leaks in the backends
    • Fixed possible out-of-bounds read when parsing public keys from the server
    • Fixed possible out-of-bounds read when parsing invalid PEM files
    • No longer null-terminates the scp remote exec command
    • Now handles errors when Diffie-Hellman key pair generation fails
    • Fixed compiling on Windows with the flag STDCALL=ON
    • Improved building instructions
    • Improved unit tests

Local Packages

  • Updated libssh2 to 1.9.0 as per the Fedora version

