Hello!
I'm happy to announce that we have release libssh2 1.8.1. This release is a
pure security release with no less than *nine* security fixes addressed. See
also the separate security announcement following this email.
As always, get it from https://www.libssh2.org/
The changes included in 1.8.1 are:
o fixed possible integer overflow when reading a specially crafted packet
(https://www.libssh2.org/CVE-2019-3855.html)
o fixed possible integer overflow in userauth_keyboard_interactive with a
number of extremely long prompt strings
(https://www.libssh2.org/CVE-2019-3863.html)
o fixed possible integer overflow if the server sent an extremely large
number of keyboard prompts (https://www.libssh2.org/CVE-2019-3856.html)
o fixed possible out of bounds read when processing a specially crafted
packet (https://www.libssh2.org/CVE-2019-3861.html)
o fixed possible integer overflow when receiving a specially crafted exit
signal message channel packet (https://www.libssh2.org/CVE-2019-3857.html)
o fixed possible out of bounds read when receiving a specially crafted exit
status message channel packet (https://www.libssh2.org/CVE-2019-3862.html)
o fixed possible zero byte allocation when reading a specially crafted SFTP
packet (https://www.libssh2.org/CVE-2019-3858.html)
o fixed possible out of bounds reads when processing specially crafted SFTP
packets (https://www.libssh2.org/CVE-2019-3860.html)
o fixed possible out of bounds reads in _libssh2_packet_require(v)
(https://www.libssh2.org/CVE-2019-3859.html)
-- / daniel.haxx.se _______________________________________________ libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-develReceived on 2019-03-18