Amazon Linux 1 (EOL) Security Advisory: ALAS-2023-1756
Advisory Released Date: 2023-06-06
Advisory Updated Date: 2023-06-06
Severity:
Medium
Issue Overview:
An out-of-bounds read flaw was discovered in libssh2 before 1.8.1 in the _libssh2_packet_require and _libssh2_packet_requirev functions. A remote attacker who compromises an SSH server may be able to cause a Denial of Service or read data in the client memory. (CVE-2019-3859)
An out-of-bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises an SSH server may be able to cause a Denial of Service or read data in the client memory. (CVE-2019-3860)
Affected Packages:
libssh2
Issue Correction:
Run yum update libssh2 to update your system.
New Packages:
i686:
libssh2-debuginfo-1.4.2-3.13.amzn1.i686
libssh2-devel-1.4.2-3.13.amzn1.i686
libssh2-1.4.2-3.13.amzn1.i686
libssh2-docs-1.4.2-3.13.amzn1.i686
src:
libssh2-1.4.2-3.13.amzn1.src
x86_64:
libssh2-1.4.2-3.13.amzn1.x86_64
libssh2-debuginfo-1.4.2-3.13.amzn1.x86_64
libssh2-docs-1.4.2-3.13.amzn1.x86_64
libssh2-devel-1.4.2-3.13.amzn1.x86_64
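
To confirm the update took effect, the following added example (not part of the original advisory) flags any installed libssh2 package older than the 1.4.2-3.13.amzn1 build listed above. The function names and the sample inventory are constructed for illustration, and GNU sort -V is assumed as an approximation of RPM's version ordering.

```shell
#!/bin/sh
# Added example: flag libssh2 packages older than the fixed build.
FIXED_EVR="1.4.2-3.13.amzn1"   # version-release from "New Packages"

# evr_at_least CANDIDATE MINIMUM: succeeds when CANDIDATE >= MINIMUM.
# Assumption: GNU `sort -V` stands in for RPM's own ordering; epochs ignored.
evr_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# audit_libssh2: reads "NAME VERSION-RELEASE ARCH" lines on stdin, prints a
# status line per libssh2 package, returns 1 if any predates the fix.
audit_libssh2() {
    rc=0
    while read -r name evr arch; do
        case "$name" in
            libssh2|libssh2-*) ;;
            *) continue ;;
        esac
        if evr_at_least "$evr" "$FIXED_EVR"; then
            echo "OK      $name-$evr.$arch"
        else
            echo "UPDATE  $name-$evr.$arch"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed inventory for an offline run (not taken from a real host).
sample_inventory() {
    cat <<'EOF'
libssh2 1.4.2-3.12.amzn1 x86_64
libssh2-devel 1.4.2-3.13.amzn1 x86_64
libssh2-docs 1.4.2-3.9.amzn1 x86_64
zlib 1.2.8-7.18.amzn1 x86_64
EOF
}

# On a real host, feed the RPM database instead of the sample:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n' 'libssh2*' | audit_libssh2
sample_inventory | audit_libssh2 || echo "libssh2 still needs: yum update libssh2"
```

Processes that loaded the old library before the update keep using it until they are restarted.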