RHSA-2023:5615: Red Hat Security Advisory: libssh2 security update
An update for libssh2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2020-22218: A flaw was found in the libssh2 library. An out-of-bounds access issue can occur due to an improper initialization of a variable, resulting in a crash in the application linked to the library.
Issued: 2023-10-10
Updated: 2023-10-10
RHSA-2023:5615 - Security Advisory
Synopsis
Moderate: libssh2 security update
Type/Severity
Security Advisory: Moderate
Topic
An update for libssh2 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The libssh2 packages provide a library that implements the SSH2 protocol.
Security Fix(es):
- libssh2: use-of-uninitialized-value in _libssh2_transport_read (CVE-2020-22218)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing these updated packages, all running applications using libssh2 must be restarted for this update to take effect.
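The restart requirement above can be checked on a host. This added shell example (not part of the Red Hat advisory) lists processes that still map a libssh2 shared object marked "(deleted)" in /proc/<pid>/maps, meaning the old library is still loaded. The function names, the proc-directory parameter and the sample tree are assumptions of the example, and the sample data is constructed.

```shell
#!/bin/sh
# Added example (not from the advisory): after updating libssh2, find processes
# that still map the replaced shared object and therefore need a restart.

# Print "PID COMMAND" for every process whose maps file lists a libssh2
# shared object marked "(deleted)", i.e. unlinked from disk but still loaded.
# $1 is the proc directory to scan; the parameter is an assumption of this
# example so the function can also be run on a constructed tree.
stale_libssh2_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -Eq '/libssh2\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid="${maps%/maps}"; pid="${pid##*/}"
            comm="$(cat "$proc_root/$pid/comm" 2>/dev/null || echo '?')"
            printf '%s %s\n' "$pid" "$comm"
        fi
    done
}

# Constructed sample: two fake processes, one still holding the old library.
make_sample_proc() {
    root="$(mktemp -d)"
    mkdir -p "$root/101" "$root/202"
    echo 'curl' > "$root/101/comm"
    echo 'yum' > "$root/202/comm"
    cat > "$root/101/maps" <<'EOF'
7f3a10000000-7f3a10028000 r-xp 00000000 fd:00 1311   /usr/lib64/libssh2.so.1.0.1 (deleted)
7f3a10400000-7f3a105c4000 r-xp 00000000 fd:00 1200   /usr/lib64/libc-2.17.so
EOF
    cat > "$root/202/maps" <<'EOF'
7f9b20000000-7f9b20028000 r-xp 00000000 fd:00 1499   /usr/lib64/libssh2.so.1.0.1
EOF
    printf '%s\n' "$root"
}

sample="$(make_sample_proc)"
echo "constructed tree:"; stale_libssh2_pids "$sample"
rm -rf "$sample"
echo "live system:"; stale_libssh2_pids /proc
```

Run it as root on a live host so that the maps files of other users' processes are readable; an empty result under "live system:" means no process still holds the replaced library.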
Affected Products
- Red Hat Enterprise Linux Server 7 x86_64
- Red Hat Enterprise Linux Workstation 7 x86_64
- Red Hat Enterprise Linux Desktop 7 x86_64
- Red Hat Enterprise Linux for IBM z Systems 7 s390x
- Red Hat Enterprise Linux for Power, big endian 7 ppc64
- Red Hat Enterprise Linux for Scientific Computing 7 x86_64
- Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Fixes
- BZ - 2235542 - CVE-2020-22218 libssh2: use-of-uninitialized-value in _libssh2_transport_read
Red Hat Enterprise Linux Server 7
SRPM
libssh2-1.8.0-4.el7_9.1.src.rpm
x86_64
libssh2-1.8.0-4.el7_9.1.i686.rpm
libssh2-1.8.0-4.el7_9.1.x86_64.rpm
libssh2-debuginfo-1.8.0-4.el7_9.1.i686.rpm
libssh2-debuginfo-1.8.0-4.el7_9.1.x86_64.rpm
libssh2-devel-1.8.0-4.el7_9.1.i686.rpm
libssh2-devel-1.8.0-4.el7_9.1.x86_64.rpm
libssh2-docs-1.8.0-4.el7_9.1.noarch.rpm
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2023-5615-01 - The libssh2 packages provide a library that implements the SSH2 protocol.
Ubuntu Security Notice 6371-1 - It was discovered that libssh2 incorrectly handled memory access. An attacker could possibly use this issue to cause a crash.
An issue discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out-of-bounds memory.