ID de Prueba:	1.3.6.1.4.1.25623.1.0.883028
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for libssh2 CESA-2019:0679 centos7
Resumen:	The remote host is missing an update for the 'libssh2'; package(s) announced via the CESA-2019:0679 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libssh2' package(s) announced via the CESA-2019:0679 advisory. Vulnerability Insight: The libssh2 packages provide a library that implements the SSH2 protocol. Security Fix(es): * libssh2: Integer overflow in transport read resulting in out of bounds write (CVE-2019-3855) * libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856) * libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857) * libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes (CVE-2019-3863) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Affected Software/OS: 'libssh2' package(s) on CentOS 7. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-3855 BugTraq ID: 107485 http://www.securityfocus.com/bid/107485 Bugtraq: 20190319 [slackware-security] libssh2 (SSA:2019-077-01) (Google Search) https://seclists.org/bugtraq/2019/Mar/25 Bugtraq: 20190415 [SECURITY] [DSA 4431-1] libssh2 security update (Google Search) https://seclists.org/bugtraq/2019/Apr/25 Bugtraq: 20190927 APPLE-SA-2019-9-26-7 Xcode 11.0 (Google Search) https://seclists.org/bugtraq/2019/Sep/49 Debian Security Information: DSA-4431 (Google Search) https://www.debian.org/security/2019/dsa-4431 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DK6VO2CEUTAJFYIKWNZKEKYMYR3NO2O/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M7IF3LNHOA75O4WZWIHJLIRMA5LJUED3/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6LUNHPW64IGCASZ4JQ2J5KDXNZN53DWW/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/ http://seclists.org/fulldisclosure/2019/Sep/42 http://packetstormsecurity.com/files/152136/Slackware-Security-Advisory-libssh2-Updates.html https://www.libssh2.org/CVE-2019-3855.html https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html http://www.openwall.com/lists/oss-security/2019/03/18/3 RedHat Security Advisories: RHSA-2019:0679 https://access.redhat.com/errata/RHSA-2019:0679 RedHat Security Advisories: RHSA-2019:1175 https://access.redhat.com/errata/RHSA-2019:1175 RedHat Security Advisories: RHSA-2019:1652 https://access.redhat.com/errata/RHSA-2019:1652 RedHat Security Advisories: RHSA-2019:1791 https://access.redhat.com/errata/RHSA-2019:1791 RedHat Security Advisories: RHSA-2019:1943 https://access.redhat.com/errata/RHSA-2019:1943 RedHat Security Advisories: RHSA-2019:2399 https://access.redhat.com/errata/RHSA-2019:2399 SuSE Security Announcement: openSUSE-SU-2019:1075 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html SuSE Security Announcement: openSUSE-SU-2019:1109 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html Common Vulnerability Exposure (CVE) ID: CVE-2019-3856 https://www.libssh2.org/CVE-2019-3856.html Common Vulnerability Exposure (CVE) ID: CVE-2019-3857 https://www.libssh2.org/CVE-2019-3857.html Common Vulnerability Exposure (CVE) ID: CVE-2019-3863 https://www.libssh2.org/CVE-2019-3863.html
Copyright	Copyright (C) 2019 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.