Subject: RE: [RELEASE] libssh2 1.8.1

RE: [RELEASE] libssh2 1.8.1

From: Kelley, Ryan <rkelley_at_akamai.com>
Date: Wed, 20 Mar 2019 14:25:55 +0000

I'd try grabbing the package again as they pulled the update due to a
misapplied patch and then republished it the next day. If its still an issue
after that then it needs further escalation for sure.

Ryan Kelley

-----Original Message-----
From: Micka <mickamusset_at_gmail.com>
Sent: Wednesday, March 20, 2019 4:16 AM
To: libssh2 development <libssh2-devel_at_cool.haxx.se>
Subject: Re: [RELEASE] libssh2 1.8.1

Hi, when I switch to the version 1.8.1 with libcurl 7.64.1-DEV, I got this
error:

Unable to send userauth-publickey request

When I switch back to the library 1.8.0 with libcurl, it works.

What happen to this new lib of libssh2 ? how can I help to find the error ?

Micka,

On Mon, Mar 18, 2019 at 10:44 PM Daniel Stenberg <daniel_at_haxx.se> wrote:
>
> Hello!
>
> I'm happy to announce that we have release libssh2 1.8.1. This release
> is a pure security release with no less than *nine* security fixes
> addressed. See also the separate security announcement following this email.
>
> As always, get it from https://www.libssh2.org/
>
> The changes included in 1.8.1 are:
>
> o fixed possible integer overflow when reading a specially crafted packet
> (https://www.libssh2.org/CVE-2019-3855.html)
> o fixed possible integer overflow in userauth_keyboard_interactive with a
> number of extremely long prompt strings
> (https://www.libssh2.org/CVE-2019-3863.html)
> o fixed possible integer overflow if the server sent an extremely large
> number of keyboard prompts (https://www.libssh2.org/CVE-2019-3856.html)
> o fixed possible out of bounds read when processing a specially crafted
> packet (https://www.libssh2.org/CVE-2019-3861.html)
> o fixed possible integer overflow when receiving a specially crafted exit
> signal message channel packet
> (https://www.libssh2.org/CVE-2019-3857.html)
> o fixed possible out of bounds read when receiving a specially crafted
> exit
> status message channel packet
> (https://www.libssh2.org/CVE-2019-3862.html)
> o fixed possible zero byte allocation when reading a specially crafted
> SFTP
> packet (https://www.libssh2.org/CVE-2019-3858.html)
> o fixed possible out of bounds reads when processing specially crafted
> SFTP
> packets (https://www.libssh2.org/CVE-2019-3860.html)
> o fixed possible out of bounds reads in _libssh2_packet_require(v)
> (https://www.libssh2.org/CVE-2019-3859.html)
>
> --
>
> / daniel.haxx.se
> _______________________________________________
> libssh2-devel
> https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
_______________________________________________
libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel

_______________________________________________
libssh2-devel https://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel

Received on 2019-03-20