File _patchinfo of Package patchinfo.10556

<patchinfo incident="10556">
  <issue tracker="bnc" id="1128490">VUL-0: EMBARGOED: CVE-2019-3861: libssh2_org: Out-of-bounds reads with specially crafted SSH packets</issue>
  <issue tracker="bnc" id="1128492">VUL-0: EMBARGOED: CVE-2019-3862: libssh2_org: Out-of-bounds memory comparison with specially crafted message channel request SSH packet</issue>
  <issue tracker="bnc" id="1128481">VUL-0: EMBARGOED: CVE-2019-3860: libssh2_org: Out-of-bounds reads with specially crafted SFTP packets</issue>
  <issue tracker="bnc" id="1128493">VUL-0: EMBARGOED: CVE-2019-3863: libssh2_org: Integer overflow in user authenicate keyboard interactive allows out-of-bounds writes with specially crafted keyboard responses</issue>
  <issue tracker="bnc" id="1128472">VUL-0: EMBARGOED: CVE-2019-3856: libssh2_org: Possible integer overflow in keyboard interactive handling allows out-of-bounds write with specially crafted payload</issue>
  <issue tracker="bnc" id="1128480">VUL-0: EMBARGOED: CVE-2019-3859: libssh2_org: Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev</issue>
  <issue tracker="bnc" id="1128471">VUL-0: EMBARGOED: CVE-2019-3855: libssh2_org: Possible integer overflow in transport read allows out-of-bounds write with specially crafted payload</issue>
  <issue tracker="bnc" id="1128476">VUL-0: EMBARGOED: CVE-2019-3858: libssh2_org: Possible zero-byte allocation leading to an out-of-bounds read with a specially crafted SFTP packet</issue>
  <issue tracker="bnc" id="1128474">VUL-0: EMBARGOED: CVE-2019-3857: libssh2_org: Possible integer overflow leading to zero-byte allocation and out-of-bounds with specially crafted message channel request SSH packet</issue>
  <issue tracker="cve" id="2019-3856"/>
  <issue tracker="cve" id="2019-3857"/>
  <issue tracker="cve" id="2019-3861"/>
  <issue tracker="cve" id="2019-3855"/>
  <issue tracker="cve" id="2019-3860"/>
  <issue tracker="cve" id="2019-3858"/>
  <issue tracker="cve" id="2019-3859"/>
  <issue tracker="cve" id="2019-3863"/>
  <issue tracker="cve" id="2019-3862"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>pmonrealgonzalez</packager>
  <description>This update for libssh2_org fixes the following issues:

Security issues fixed:	  

- CVE-2019-3861: Fixed Out-of-bounds reads with specially crafted SSH packets (bsc#1128490).
- CVE-2019-3862: Fixed Out-of-bounds memory comparison with specially crafted message channel request packet (bsc#1128492).
- CVE-2019-3860: Fixed Out-of-bounds reads with specially crafted SFTP packets (bsc#1128481).
- CVE-2019-3863: Fixed an Integer overflow in user authenicate keyboard interactive which could allow out-of-bounds writes 
  with specially crafted keyboard responses (bsc#1128493).
- CVE-2019-3856: Fixed a potential Integer overflow in keyboard interactive handling which could allow out-of-bounds write 
  with specially crafted payload (bsc#1128472).
- CVE-2019-3859: Fixed Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require 
  and _libssh2_packet_requirev (bsc#1128480).
- CVE-2019-3855: Fixed a potential Integer overflow in transport read which could allow out-of-bounds write with specially 
  crafted payload (bsc#1128471).
- CVE-2019-3858: Fixed a potential zero-byte allocation which could lead to an out-of-bounds read with a specially crafted 
  SFTP packet (bsc#1128476).
- CVE-2019-3857: Fixed a potential Integer overflow which could lead to zero-byte allocation and out-of-bounds with specially 
  crafted message channel request SSH packet (bsc#1128474).
</description>
  <summary>Security update for libssh2_org</summary>
</patchinfo>
openSUSE Build Service is sponsored by