RHSA-2023:5615: Red Hat Security Advisory: libssh2 security update

An update for libssh2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2020-22218: A flaw was found in the libssh2 library. An out-of-bounds access issue can occur due to an improper initialization of a variable, resulting in a crash in the application linked to the library.
Red Hat Security Data

Issued: 2023-10-10

Updated: 2023-10-10

RHSA-2023:5615 - Security Advisory

Synopsis

Moderate: libssh2 security update

Type/Severity

Security Advisory: Moderate

Topic

An update for libssh2 is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libssh2 packages provide a library that implements the SSH2 protocol.

Security Fix(es):

  • libssh2: use-of-uninitialized-value in _libssh2_transport_read (CVE-2020-22218)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing these updated packages, all running applications using libssh2 must be restarted for this update to take effect.
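
The restart requirement above can be checked on a host. The following is an added example, not part of the Red Hat advisory: it lists processes that still map a libssh2 shared object that has been replaced on disk. It assumes a Linux `/proc`; the function name and its optional `PROC_ROOT` argument are hypothetical.

```shell
#!/bin/sh
# Added example: find processes still running the pre-update libssh2.
# When a package update replaces a shared object, processes started earlier
# keep the old file mapped, and the kernel marks that mapping "(deleted)" in
# /proc/<pid>/maps. Those are the processes that still need a restart.

# stale_libssh2_pids [PROC_ROOT]
#   PROC_ROOT is a hypothetical override (default /proc) so the function can
#   be exercised against a constructed directory tree.
#   Prints one "<pid> <command>" line per process holding a stale mapping.
stale_libssh2_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip entries that cannot be read (other users' processes when not
        # root, or processes that exited during the scan).
        [ -r "$maps" ] || continue
        # Match any libssh2 shared object whose mapping is flagged deleted.
        if grep -Eq 'libssh2\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid=${maps%/maps}
            pid=${pid##*/}
            comm=$(cat "$proc_root/$pid/comm" 2>/dev/null || echo '?')
            printf '%s %s\n' "$pid" "$comm"
        fi
    done
}

# Usage: call stale_libssh2_pids with no argument, as root, after the update.
# Empty output means no running process still maps the replaced library.
```
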

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Fixes

  • BZ - 2235542 - CVE-2020-22218 libssh2: use-of-uninitialized-value in _libssh2_transport_read

Red Hat Enterprise Linux Server 7

SRPM

libssh2-1.8.0-4.el7_9.1.src.rpm

SHA-256: 8c194daff21f2d617c927b54e6a15c30deba60478554ef5c35bc6148cf81eead

x86_64

libssh2-1.8.0-4.el7_9.1.i686.rpm

SHA-256: ca0afc77a984564fa1492bf93d6f04c81e9121bbffa3abe0527f150194dcc747

libssh2-1.8.0-4.el7_9.1.x86_64.rpm

SHA-256: c0728558ef9e4af5d368f687f7681c98946e20ebc273a4c441d95f989ef5e699

libssh2-debuginfo-1.8.0-4.el7_9.1.i686.rpm

SHA-256: 28b6e1ef8108223b67e7cd4532b1ff9dfa27c72f845ae71f419016b01415f072

libssh2-debuginfo-1.8.0-4.el7_9.1.x86_64.rpm

SHA-256: 8c53bed3f88e4be6570fe4883ef7a4f7f1c38257a2d7a1b5f2e8b66c8e5f5033

libssh2-devel-1.8.0-4.el7_9.1.i686.rpm

SHA-256: b81914a8f400cf6b535e4fe194a1dddd462bd5aa40862660a59e48bcf0ecd169

libssh2-devel-1.8.0-4.el7_9.1.x86_64.rpm

SHA-256: 9c5aab56a01e25c66d99617e9cbcac0a4e4658af805e397e2ac0a3b5113333c9

libssh2-docs-1.8.0-4.el7_9.1.noarch.rpm

SHA-256: acc675a955f507618efb1ed488554c7e839bbab03e753038a3c7a47729d6d221

Red Hat Enterprise Linux Workstation 7

SRPM

libssh2-1.8.0-4.el7_9.1.src.rpm

SHA-256: 8c194daff21f2d617c927b54e6a15c30deba60478554ef5c35bc6148cf81eead

x86_64

libssh2-1.8.0-4.el7_9.1.i686.rpm

SHA-256: ca0afc77a984564fa1492bf93d6f04c81e9121bbffa3abe0527f150194dcc747

libssh2-1.8.0-4.el7_9.1.x86_64.rpm

SHA-256: c0728558ef9e4af5d368f687f7681c98946e20ebc273a4c441d95f989ef5e699

libssh2-debuginfo-1.8.0-4.el7_9.1.i686.rpm

SHA-256: 28b6e1ef8108223b67e7cd4532b1ff9dfa27c72f845ae71f419016b01415f072

libssh2-debuginfo-1.8.0-4.el7_9.1.x86_64.rpm

SHA-256: 8c53bed3f88e4be6570fe4883ef7a4f7f1c38257a2d7a1b5f2e8b66c8e5f5033

libssh2-devel-1.8.0-4.el7_9.1.i686.rpm

SHA-256: b81914a8f400cf6b535e4fe194a1dddd462bd5aa40862660a59e48bcf0ecd169

libssh2-devel-1.8.0-4.el7_9.1.x86_64.rpm

SHA-256: 9c5aab56a01e25c66d99617e9cbcac0a4e4658af805e397e2ac0a3b5113333c9

libssh2-docs-1.8.0-4.el7_9.1.noarch.rpm

SHA-256: acc675a955f507618efb1ed488554c7e839bbab03e753038a3c7a47729d6d221

Red Hat Enterprise Linux Desktop 7

SRPM

libssh2-1.8.0-4.el7_9.1.src.rpm

SHA-256: 8c194daff21f2d617c927b54e6a15c30deba60478554ef5c35bc6148cf81eead

x86_64

libssh2-1.8.0-4.el7_9.1.i686.rpm

SHA-256: ca0afc77a984564fa1492bf93d6f04c81e9121bbffa3abe0527f150194dcc747

libssh2-1.8.0-4.el7_9.1.x86_64.rpm

SHA-256: c0728558ef9e4af5d368f687f7681c98946e20ebc273a4c441d95f989ef5e699

libssh2-debuginfo-1.8.0-4.el7_9.1.i686.rpm

SHA-256: 28b6e1ef8108223b67e7cd4532b1ff9dfa27c72f845ae71f419016b01415f072

libssh2-debuginfo-1.8.0-4.el7_9.1.x86_64.rpm

SHA-256: 8c53bed3f88e4be6570fe4883ef7a4f7f1c38257a2d7a1b5f2e8b66c8e5f5033

libssh2-devel-1.8.0-4.el7_9.1.i686.rpm

SHA-256: b81914a8f400cf6b535e4fe194a1dddd462bd5aa40862660a59e48bcf0ecd169

libssh2-devel-1.8.0-4.el7_9.1.x86_64.rpm

SHA-256: 9c5aab56a01e25c66d99617e9cbcac0a4e4658af805e397e2ac0a3b5113333c9

libssh2-docs-1.8.0-4.el7_9.1.noarch.rpm

SHA-256: acc675a955f507618efb1ed488554c7e839bbab03e753038a3c7a47729d6d221

Red Hat Enterprise Linux for IBM z Systems 7

SRPM

libssh2-1.8.0-4.el7_9.1.src.rpm

SHA-256: 8c194daff21f2d617c927b54e6a15c30deba60478554ef5c35bc6148cf81eead

s390x

libssh2-1.8.0-4.el7_9.1.s390.rpm

SHA-256: 02665bd9969e2fa6edcecc5cf8983a852b545a994e6ea5b1a2d21c4249e576d2

libssh2-1.8.0-4.el7_9.1.s390x.rpm

SHA-256: 5fe64b111992e0af1f5dd666b8965ad733e4c2683b055d29c89d109e48f43d87

libssh2-debuginfo-1.8.0-4.el7_9.1.s390.rpm

SHA-256: 8a395b09a46f3168f54af9428e49a595a4a519c628274cc5b4d783558e7fca58

libssh2-debuginfo-1.8.0-4.el7_9.1.s390x.rpm

SHA-256: e493bd22388034e9571a835bd68a3cb0451c40462f82225ba81567fe5b0bd90e

libssh2-devel-1.8.0-4.el7_9.1.s390.rpm

SHA-256: 7e7d0a0b880ba19d377b054ad53f33de700286ea18d0c3063c524ca77ad4636f

libssh2-devel-1.8.0-4.el7_9.1.s390x.rpm

SHA-256: 2d1a9e84942022a0f6ce0a644e9d7f9ebdb2756504226eea94633dd411dead71

libssh2-docs-1.8.0-4.el7_9.1.noarch.rpm

SHA-256: acc675a955f507618efb1ed488554c7e839bbab03e753038a3c7a47729d6d221

Red Hat Enterprise Linux for Power, big endian 7

SRPM

libssh2-1.8.0-4.el7_9.1.src.rpm

SHA-256: 8c194daff21f2d617c927b54e6a15c30deba60478554ef5c35bc6148cf81eead

ppc64

libssh2-1.8.0-4.el7_9.1.ppc.rpm

SHA-256: 0ddcced0c913fe6d7683c4158f3269efaf6701836ecfe5f7504d3fa8fcc082c2

libssh2-1.8.0-4.el7_9.1.ppc64.rpm

SHA-256: 616519c9a5f6b6fc238cff40586cfd5c37f9d5fb2a31051780f8af3762177748

libssh2-debuginfo-1.8.0-4.el7_9.1.ppc.rpm

SHA-256: c5a7d376bf452e0d699c99f4bb4d6ad568f916ac730d7590475aba1abc7df40e

libssh2-debuginfo-1.8.0-4.el7_9.1.ppc64.rpm

SHA-256: 4c2652fb6b866dff936c91a7d48cc43a810b431f38aac25d346c9d27767ba6b5

libssh2-devel-1.8.0-4.el7_9.1.ppc.rpm

SHA-256: ea7a854c1e43389e62fac06366c3d39b6dd515a663befbef4cd9816c75eb644b

libssh2-devel-1.8.0-4.el7_9.1.ppc64.rpm

SHA-256: 5bb3b73e4183ce9c7af958b64354b20076fd5484bd95fc04b704ec9ea6005be7

libssh2-docs-1.8.0-4.el7_9.1.noarch.rpm

SHA-256: acc675a955f507618efb1ed488554c7e839bbab03e753038a3c7a47729d6d221

Red Hat Enterprise Linux for Scientific Computing 7

SRPM

libssh2-1.8.0-4.el7_9.1.src.rpm

SHA-256: 8c194daff21f2d617c927b54e6a15c30deba60478554ef5c35bc6148cf81eead

x86_64

libssh2-1.8.0-4.el7_9.1.i686.rpm

SHA-256: ca0afc77a984564fa1492bf93d6f04c81e9121bbffa3abe0527f150194dcc747

libssh2-1.8.0-4.el7_9.1.x86_64.rpm

SHA-256: c0728558ef9e4af5d368f687f7681c98946e20ebc273a4c441d95f989ef5e699

libssh2-debuginfo-1.8.0-4.el7_9.1.i686.rpm

SHA-256: 28b6e1ef8108223b67e7cd4532b1ff9dfa27c72f845ae71f419016b01415f072

libssh2-debuginfo-1.8.0-4.el7_9.1.x86_64.rpm

SHA-256: 8c53bed3f88e4be6570fe4883ef7a4f7f1c38257a2d7a1b5f2e8b66c8e5f5033

libssh2-devel-1.8.0-4.el7_9.1.i686.rpm

SHA-256: b81914a8f400cf6b535e4fe194a1dddd462bd5aa40862660a59e48bcf0ecd169

libssh2-devel-1.8.0-4.el7_9.1.x86_64.rpm

SHA-256: 9c5aab56a01e25c66d99617e9cbcac0a4e4658af805e397e2ac0a3b5113333c9

libssh2-docs-1.8.0-4.el7_9.1.noarch.rpm

SHA-256: acc675a955f507618efb1ed488554c7e839bbab03e753038a3c7a47729d6d221

Red Hat Enterprise Linux for Power, little endian 7

SRPM

libssh2-1.8.0-4.el7_9.1.src.rpm

SHA-256: 8c194daff21f2d617c927b54e6a15c30deba60478554ef5c35bc6148cf81eead

ppc64le

libssh2-1.8.0-4.el7_9.1.ppc64le.rpm

SHA-256: e8db75332829dbdb60ae5def855040309416cce0cde2c999fcdb95353e27226c

libssh2-debuginfo-1.8.0-4.el7_9.1.ppc64le.rpm

SHA-256: 178d57acf85aaa1682842353d192f2088836abd758764b7e0c4efbf9fe375ffa

libssh2-devel-1.8.0-4.el7_9.1.ppc64le.rpm

SHA-256: 1a9a2b8027d59b0b287ab602584e4b4440f24522d4ebc7cc9d9de39476486d7a

libssh2-docs-1.8.0-4.el7_9.1.noarch.rpm

SHA-256: acc675a955f507618efb1ed488554c7e839bbab03e753038a3c7a47729d6d221

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Red Hat Security Advisory 2023-5615-01

Red Hat Security Advisory 2023-5615-01 - The libssh2 packages provide a library that implements the SSH2 protocol.

Ubuntu Security Notice USN-6371-1

Ubuntu Security Notice 6371-1 - It was discovered that libssh2 incorrectly handled memory access. An attacker could possibly use this issue to cause a crash.

CVE-2020-22218: fix use-of-uninitialized-value by ltx2018 · Pull Request #476 · libssh2/libssh2

An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 that allows attackers to access out-of-bounds memory.