Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 680904 (CVE-2019-3855, CVE-2019-3856, CVE-2019-3857, CVE-2019-3858, CVE-2019-3859, CVE-2019-3860, CVE-2019-3861, CVE-2019-3862, CVE-2019-3863) - <net-libs/libssh2-1.8.2: multiple vulnerabilities
Summary: <net-libs/libssh2-1.8.2: multiple vulnerabilities
Status: IN_PROGRESS
Alias: CVE-2019-3855, CVE-2019-3856, CVE-2019-3857, CVE-2019-3858, CVE-2019-3859, CVE-2019-3860, CVE-2019-3861, CVE-2019-3862, CVE-2019-3863
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://www.openwall.com/lists/oss-se...
Whiteboard: B3 [noglsa cve stable blocked]
Keywords:
Depends on: 690884
Blocks:
  Show dependency tree
 
Reported: 2019-03-18 22:02 UTC by Hanno Boeck
Modified: 2019-08-12 23:55 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Boeck gentoo-dev 2019-03-18 22:02:18 UTC
Nine security vulns fixed in 1.8.1:
https://www.openwall.com/lists/oss-security/2019/03/18/3
Comment 1 Larry the Git Cow gentoo-dev 2019-03-18 22:07:50 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b63b26650737258c12032376fe9c80beb97b07be

commit b63b26650737258c12032376fe9c80beb97b07be
Author:     Jeroen Roovers <jer@gentoo.org>
AuthorDate: 2019-03-18 22:07:02 +0000
Commit:     Jeroen Roovers <jer@gentoo.org>
CommitDate: 2019-03-18 22:07:45 +0000

    net-libs/libssh2: Version 1.8.1
    
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Bug: https://bugs.gentoo.org/680904
    Signed-off-by: Jeroen Roovers <jer@gentoo.org>

 net-libs/libssh2/Manifest             |  1 +
 net-libs/libssh2/libssh2-1.8.1.ebuild | 59 +++++++++++++++++++++++++++++++++++
 2 files changed, 60 insertions(+)
Comment 2 Arfrever Frehtes Taifersar Arahesis 2019-03-26 07:09:49 UTC
net-libs/libssh2-1.8.2 was released on 2019-03-25 and fixes regression:

https://github.com/libssh2/libssh2/blob/libssh2-1.8.2/RELEASE-NOTES
"""
 o Fixed the misapplied userauth patch that broke 1.8.1
 o moved the MAX size declarations from the public header
"""
Comment 3 Larry the Git Cow gentoo-dev 2019-03-26 07:39:21 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5e3b13af1d3fa9c55111734ea47afeb6d1ac7bf3

commit 5e3b13af1d3fa9c55111734ea47afeb6d1ac7bf3
Author:     Jeroen Roovers <jer@gentoo.org>
AuthorDate: 2019-03-26 07:38:28 +0000
Commit:     Jeroen Roovers <jer@gentoo.org>
CommitDate: 2019-03-26 07:39:16 +0000

    net-libs/libssh2: Version 1.8.2
    
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Bug: https://bugs.gentoo.org/show_bug.cgi?id=680904
    Signed-off-by: Jeroen Roovers <jer@gentoo.org>

 net-libs/libssh2/Manifest                                       | 2 +-
 net-libs/libssh2/{libssh2-1.8.1.ebuild => libssh2-1.8.2.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
Comment 4 Yury German Gentoo Infrastructure gentoo-dev Security 2019-03-27 04:31:56 UTC
CVE-2019-3855
  Possible integer overflow in transport read allows out-of-bounds write
  URL: https://www.libssh2.org/CVE-2019-3855.html
  Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3855.patch

CVE-2019-3856
  Possible integer overflow in keyboard interactive handling allows
  out-of-bounds write
  URL: https://www.libssh2.org/CVE-2019-3856.html
  Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3856.patch

CVE-2019-3857
  Possible integer overflow leading to zero-byte allocation and out-of-bounds
  write
  URL: https://www.libssh2.org/CVE-2019-3857.html
  Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3857.patch

CVE-2019-3858
  Possible zero-byte allocation leading to an out-of-bounds read
  URL: https://www.libssh2.org/CVE-2019-3858.html
  Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3858.patch

CVE-2019-3859
  Out-of-bounds reads with specially crafted payloads due to unchecked use of
  `_libssh2_packet_require` and `_libssh2_packet_requirev`
  URL: https://www.libssh2.org/CVE-2019-3859.html
  Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3859.patch

CVE-2019-3860
  Out-of-bounds reads with specially crafted SFTP packets
  URL: https://www.libssh2.org/CVE-2019-3860.html
  Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3860.patch

CVE-2019-3861
  Out-of-bounds reads with specially crafted SSH packets
  URL: https://www.libssh2.org/CVE-2019-3861.html
  Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3861.patch

CVE-2019-3862
  Out-of-bounds memory comparison
  URL: https://www.libssh2.org/CVE-2019-3862.html
  Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3862.patch

CVE-2019-3863
  Integer overflow in user authenicate keyboard interactive allows
  out-of-bounds writes
  URL: https://www.libssh2.org/CVE-2019-3863.html
  Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3863.txt