Details of VAR-201903-0388

ID

VAR-201903-0388

CVE

CVE-2019-3855

TITLE

libssh2 Input validation error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201903-634

DESCRIPTION

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. It can execute remote commands and file transfers, and at the same time provide a secure transmission channel for remote programs. An integer overflow vulnerability exists in libssh2. The vulnerability is caused by the '_libssh2_transport_read()' function not properly checking the packet_length value from the server. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-9-26-7 Xcode 11.0 Xcode 11.0 addresses the following: IDE SCM Available for: macOS Mojave 10.14.4 and later Impact: Multiple issues in libssh2 Description: Multiple issues were addressed by updating to version 2.16. CVE-2019-3855: Chris Coulson ld64 Available for: macOS Mojave 10.14.4 and later Impact: Compiling code without proper input validation could lead to arbitrary code execution with user privilege Description: Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. CVE-2019-8721: Pan ZhenPeng of Qihoo 360 Nirvan Team CVE-2019-8722: Pan ZhenPeng of Qihoo 360 Nirvan Team CVE-2019-8723: Pan ZhenPeng of Qihoo 360 Nirvan Team CVE-2019-8724: Pan ZhenPeng of Qihoo 360 Nirvan Team otool Available for: macOS Mojave 10.14.4 and later Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2019-8738: Pan ZhenPeng (@Peterpan0927) of Qihoo 360 Nirvan Team CVE-2019-8739: Pan ZhenPeng (@Peterpan0927) of Qihoo 360 Nirvan Team Installation note: Xcode 11.0 may be obtained from: https://developer.apple.com/xcode/downloads/ To check that the Xcode has been updated: * Select Xcode in the menu bar * Select About Xcode * The version after applying this update will be "11.0". 6) - i386, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: libssh2 security update Advisory ID: RHSA-2019:0679-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:0679 Issue date: 2019-03-28 CVE Names: CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3863 ==================================================================== 1. Summary: An update for libssh2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le, s390x 3. Description: The libssh2 packages provide a library that implements the SSH2 protocol. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing these updated packages, all running applications using libssh2 must be restarted for this update to take effect. 5. Package List: Red Hat Enterprise Linux Client (v. 7): Source: libssh2-1.4.3-12.el7_6.2.src.rpm x86_64: libssh2-1.4.3-12.el7_6.2.i686.rpm libssh2-1.4.3-12.el7_6.2.x86_64.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): noarch: libssh2-docs-1.4.3-12.el7_6.2.noarch.rpm x86_64: libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm libssh2-devel-1.4.3-12.el7_6.2.i686.rpm libssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: libssh2-1.4.3-12.el7_6.2.src.rpm x86_64: libssh2-1.4.3-12.el7_6.2.i686.rpm libssh2-1.4.3-12.el7_6.2.x86_64.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): noarch: libssh2-docs-1.4.3-12.el7_6.2.noarch.rpm x86_64: libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm libssh2-devel-1.4.3-12.el7_6.2.i686.rpm libssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: libssh2-1.4.3-12.el7_6.2.src.rpm ppc64: libssh2-1.4.3-12.el7_6.2.ppc.rpm libssh2-1.4.3-12.el7_6.2.ppc64.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.ppc.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.ppc64.rpm ppc64le: libssh2-1.4.3-12.el7_6.2.ppc64le.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.ppc64le.rpm s390x: libssh2-1.4.3-12.el7_6.2.s390.rpm libssh2-1.4.3-12.el7_6.2.s390x.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.s390.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.s390x.rpm x86_64: libssh2-1.4.3-12.el7_6.2.i686.rpm libssh2-1.4.3-12.el7_6.2.x86_64.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: libssh2-1.4.3-12.el7_6.2.src.rpm aarch64: libssh2-1.4.3-12.el7_6.2.aarch64.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.aarch64.rpm ppc64le: libssh2-1.4.3-12.el7_6.2.ppc64le.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.ppc64le.rpm s390x: libssh2-1.4.3-12.el7_6.2.s390.rpm libssh2-1.4.3-12.el7_6.2.s390x.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.s390.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.s390x.rpm Red Hat Enterprise Linux Server Optional (v. 7): noarch: libssh2-docs-1.4.3-12.el7_6.2.noarch.rpm ppc64: libssh2-debuginfo-1.4.3-12.el7_6.2.ppc.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.ppc64.rpm libssh2-devel-1.4.3-12.el7_6.2.ppc.rpm libssh2-devel-1.4.3-12.el7_6.2.ppc64.rpm ppc64le: libssh2-debuginfo-1.4.3-12.el7_6.2.ppc64le.rpm libssh2-devel-1.4.3-12.el7_6.2.ppc64le.rpm s390x: libssh2-debuginfo-1.4.3-12.el7_6.2.s390.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.s390x.rpm libssh2-devel-1.4.3-12.el7_6.2.s390.rpm libssh2-devel-1.4.3-12.el7_6.2.s390x.rpm x86_64: libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm libssh2-devel-1.4.3-12.el7_6.2.i686.rpm libssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): aarch64: libssh2-debuginfo-1.4.3-12.el7_6.2.aarch64.rpm libssh2-devel-1.4.3-12.el7_6.2.aarch64.rpm noarch: libssh2-docs-1.4.3-12.el7_6.2.noarch.rpm ppc64le: libssh2-debuginfo-1.4.3-12.el7_6.2.ppc64le.rpm libssh2-devel-1.4.3-12.el7_6.2.ppc64le.rpm s390x: libssh2-debuginfo-1.4.3-12.el7_6.2.s390.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.s390x.rpm libssh2-devel-1.4.3-12.el7_6.2.s390.rpm libssh2-devel-1.4.3-12.el7_6.2.s390x.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: libssh2-1.4.3-12.el7_6.2.src.rpm x86_64: libssh2-1.4.3-12.el7_6.2.i686.rpm libssh2-1.4.3-12.el7_6.2.x86_64.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): noarch: libssh2-docs-1.4.3-12.el7_6.2.noarch.rpm x86_64: libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm libssh2-devel-1.4.3-12.el7_6.2.i686.rpm libssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-3855 https://access.redhat.com/security/cve/CVE-2019-3856 https://access.redhat.com/security/cve/CVE-2019-3857 https://access.redhat.com/security/cve/CVE-2019-3863 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXJznXNzjgjWX9erEAQiaLQ/+NOZQa78T9tZT0qw516dUqmfm8y03YJDd LDgRcAbSQIlYF59kO4SxBZ13APCc8ippJXzSeBS49AeQLdesjaj3bYnWXeAiDwIE wE2zqYhjBH3YUW8vmoP26sC4Ov8rijsevHQcn7PcRiTrR/gSdzU59LkxouyWokAC nFVzke+D7aQMFv6mo9EbEEH1Q85/WIfJKKB4XuCHM13L1ohLuVVQnsjxwZtq8hev FCQp1moLuyyvDGjEa0lhp05gqIoDGPccpAzlcbz/HWgkb/6nGOQeTsGkN4MPCqbA O5YilLdgg3/HASMhtWopCgLQucDI6UEdA4sqAmQFJT5sB19kfJVRDQYSKIim8Tno 7DICVw0x5p4YzexurImz5tORwsAhTsKt52Z32KEgaVfZLqBwdJP+l3mQaS4H9wZ7 z4hSB+EPaK6UbKJVq5D5/vhYJlQsSd8sDkLcz30UqNpY0o3LwqBK/8m8apikjxCu cdM0ykUZJsccAB0zwuteBP9dEvyUHFhSkpQgWDZIqHgOuE2jpCnIRpl3aRDgB+ND XkktDObjALWmIqg1Zs6+vLIDhGKG08ZNSpwaLZQrvFK59aGA/2BTDgupJh607Tv4 D/l/yO/KxEaUQa5zsFpej2gIfIFElzZc82/ZmWaViyALtpjJ/kKdC4Fzb5PlVIuH tLzz6XhldNU=R5e5 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Security Fix(es): * A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130) * Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126) * Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127) * Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4431-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 13, 2019 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libssh2 CVE ID : CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863 Debian Bug : 924965 Chris Coulson discovered several vulnerabilities in libssh2, a SSH2 client-side library, which could result in denial of service, information leaks or the execution of arbitrary code. For the stable distribution (stretch), these problems have been fixed in version 1.7.0-1+deb9u1. We recommend that you upgrade your libssh2 packages

Trust: 1.62

sources: NVD: CVE-2019-3855 // VULHUB: VHN-155290 // PACKETSTORM: 154655 // PACKETSTORM: 153510 // PACKETSTORM: 152282 // PACKETSTORM: 152874 // PACKETSTORM: 153654 // PACKETSTORM: 153811 // PACKETSTORM: 152509

AFFECTED PRODUCTS

vendor:	fedoraproject	model:	fedora	scope:	eq	version:	28	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.6	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	30	Trust: 1.0
vendor:	netapp	model:	ontap select deploy administration utility	scope:	eq	version:	-	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	42.3	Trust: 1.0
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.57	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	7.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	29	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	7.0	Trust: 1.0
vendor:	libssh2	model:	libssh2	scope:	lt	version:	1.8.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	7.6	Trust: 1.0
vendor:	apple	model:	xcode	scope:	lt	version:	11.0	Trust: 1.0
vendor:	oracle	model:	peoplesoft enterprise peopletools	scope:	eq	version:	8.56	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0

sources: NVD: CVE-2019-3855

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-3855
value:	HIGH
Trust: 1.0
secalert@redhat.com:	CVE-2019-3855
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-201903-634
value:	HIGH
Trust: 0.6
VULHUB:	VHN-155290
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-3855
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-155290
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-3855
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
secalert@redhat.com:	CVE-2019-3855
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	5.9
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-155290 // CNNVD: CNNVD-201903-634 // NVD: CVE-2019-3855 // NVD: CVE-2019-3855

PROBLEMTYPE DATA

problemtype:	CWE-190	Trust: 1.1
problemtype:	CWE-787	Trust: 1.1

sources: VULHUB: VHN-155290 // NVD: CVE-2019-3855

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-634

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201903-634

PATCH

title:

libssh2 Fixes for digital error vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90196

Trust: 0.6

sources: CNNVD: CNNVD-201903-634

EXTERNAL IDS

db:	NVD	id:	CVE-2019-3855	Trust: 2.4
db:	PACKETSTORM	id:	152136	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2019/03/18/3	Trust: 1.7
db:	BID	id:	107485	Trust: 1.7
db:	CNNVD	id:	CNNVD-201903-634	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.4341	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2340	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4083	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1274	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.4479.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0911	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.4226	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0996	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.0894	Trust: 0.6
db:	PACKETSTORM	id:	152509	Trust: 0.2
db:	PACKETSTORM	id:	153654	Trust: 0.2
db:	PACKETSTORM	id:	154655	Trust: 0.2
db:	PACKETSTORM	id:	153510	Trust: 0.2
db:	PACKETSTORM	id:	152282	Trust: 0.2
db:	PACKETSTORM	id:	153811	Trust: 0.2
db:	PACKETSTORM	id:	153969	Trust: 0.1
db:	VULHUB	id:	VHN-155290	Trust: 0.1
db:	PACKETSTORM	id:	152874	Trust: 0.1

sources: VULHUB: VHN-155290 // PACKETSTORM: 154655 // PACKETSTORM: 153510 // PACKETSTORM: 152282 // PACKETSTORM: 152874 // PACKETSTORM: 153654 // PACKETSTORM: 153811 // PACKETSTORM: 152509 // CNNVD: CNNVD-201903-634 // NVD: CVE-2019-3855

REFERENCES

url:	http://packetstormsecurity.com/files/152136/slackware-security-advisory-libssh2-updates.html	Trust: 2.9
url:	http://www.securityfocus.com/bid/107485	Trust: 2.3
url:	https://www.debian.org/security/2019/dsa-4431	Trust: 2.3
url:	https://access.redhat.com/errata/rhsa-2019:0679	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:1175	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:1652	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:1791	Trust: 1.8
url:	https://access.redhat.com/errata/rhsa-2019:1943	Trust: 1.8
url:	https://seclists.org/bugtraq/2019/mar/25	Trust: 1.7
url:	https://seclists.org/bugtraq/2019/apr/25	Trust: 1.7
url:	https://seclists.org/bugtraq/2019/sep/49	Trust: 1.7
url:	https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-3855	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20190327-0005/	Trust: 1.7
url:	https://support.apple.com/kb/ht210609	Trust: 1.7
url:	https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767	Trust: 1.7
url:	http://seclists.org/fulldisclosure/2019/sep/42	Trust: 1.7
url:	https://www.libssh2.org/cve-2019-3855.html	Trust: 1.7
url:	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2019/03/18/3	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2019:2399	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00040.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00003.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3855	Trust: 1.3
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6lunhpw64igcasz4jq2j5kdxnzn53dww/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/m7if3lnhoa75o4wzwihjlirma5ljued3/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/xcwea5zclkrduk62qvvymfwlwkopx3lo/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5dk6vo2ceutajfyikwnzkekymyr3no2o/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5dk6vo2ceutajfyikwnzkekymyr3no2o/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/m7if3lnhoa75o4wzwihjlirma5ljued3/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6lunhpw64igcasz4jq2j5kdxnzn53dww/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/xcwea5zclkrduk62qvvymfwlwkopx3lo/	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3856	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3857	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3863	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20190655-1.html	Trust: 0.6
url:	https://fortiguard.com/psirt/fg-ir-19-099	Trust: 0.6
url:	https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1115655	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1115643	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1115649	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-201913982-1.html	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6520674	Trust: 0.6
url:	https://vigilance.fr/vulnerability/libssh2-multiple-vulnerabilities-28768	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/77838	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1120209	Trust: 0.6
url:	https://support.apple.com/en-us/ht210609	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1116357	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2340/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4226/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/1170634	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/79010	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4341/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/77478	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/77406	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.4479.2/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-integrated-management-module-ii-imm2-is-affected-by-multiple-vulnerabilities-in-libssh2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4083	Trust: 0.6
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2019-3863	Trust: 0.5
url:	https://bugzilla.redhat.com/):	Trust: 0.5
url:	https://access.redhat.com/security/team/key/	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2019-3857	Trust: 0.5
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.5
url:	https://access.redhat.com/articles/11258	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2019-3856	Trust: 0.5
url:	https://access.redhat.com/security/team/contact/	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2019-3855	Trust: 0.5
url:	https://support.apple.com/kb/ht201222	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8724	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8723	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8738	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://developer.apple.com/xcode/downloads/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8722	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8721	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8739	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11091	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20815	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12126	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12127	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-12126	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11091	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-12130	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-20815	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-12127	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12130	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/libssh2	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3859	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3860	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3861	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3862	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3858	Trust: 0.1

CREDITS

Chris Coulson of Canonical Ltd.,Slackware Security Team

Trust: 0.6

sources: CNNVD: CNNVD-201903-634

SOURCES

db:	VULHUB	id:	VHN-155290
db:	PACKETSTORM	id:	154655
db:	PACKETSTORM	id:	153510
db:	PACKETSTORM	id:	152282
db:	PACKETSTORM	id:	152874
db:	PACKETSTORM	id:	153654
db:	PACKETSTORM	id:	153811
db:	PACKETSTORM	id:	152509
db:	CNNVD	id:	CNNVD-201903-634
db:	NVD	id:	CVE-2019-3855

LAST UPDATE DATE

2025-08-12T22:30:40.667000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-155290	date:	2020-10-15T00:00:00
db:	CNNVD	id:	CNNVD-201903-634	date:	2021-12-03T00:00:00
db:	NVD	id:	CVE-2019-3855	date:	2024-11-21T04:42:43.427

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-155290	date:	2019-03-21T00:00:00
db:	PACKETSTORM	id:	154655	date:	2019-09-29T10:11:11
db:	PACKETSTORM	id:	153510	date:	2019-07-02T14:08:10
db:	PACKETSTORM	id:	152282	date:	2019-03-28T16:23:48
db:	PACKETSTORM	id:	152874	date:	2019-05-15T14:55:50
db:	PACKETSTORM	id:	153654	date:	2019-07-16T20:10:44
db:	PACKETSTORM	id:	153811	date:	2019-07-30T18:13:57
db:	PACKETSTORM	id:	152509	date:	2019-04-15T16:33:02
db:	CNNVD	id:	CNNVD-201903-634	date:	2019-03-19T00:00:00
db:	NVD	id:	CVE-2019-3855	date:	2019-03-21T21:29:00.433