CLSA-2026-1776855642

Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1776855642.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2026-1776855642
Upstream
Published
2026-04-22T11:00:47Z
Modified
2026-06-04T09:47:10.751040090Z
Summary
Fix CVE(s): CVE-2019-17498, CVE-2019-3857
Details
  • SECURITY UPDATE: Integer overflow leading to out-of-bounds write when SSH_MSG_CHANNEL_REQUEST packets with exit signal messages are parsed.
    • debian/patches/CVE-2019-3857.patch: check namelen + 1 does not overflow before allocation in exit-signal handling.
    • CVE-2019-3857
  • SECURITY UPDATE: Integer overflow in bounds check in SSH_MSG_DISCONNECT packet parsing enabling out-of-bounds read.
    • debian/patches/CVE-2019-17498.patch: harden bounds checking in SSH_MSG_DISCONNECT, SSH_MSG_DEBUG, and SSH_MSG_GLOBAL_REQUEST handlers to prevent unsigned integer underflow and overflow.
    • CVE-2019-17498
References

Affected packages

TuxCare:Ubuntu:16.04 / libssh2-1

Package

Name
libssh2-1
Purl
pkg:deb/tuxcare/libssh2-1?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.5.0-2ubuntu0.1+tuxcare.els3

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1776855642.json"

TuxCare:Ubuntu:16.04 / libssh2-1-dev

Package

Name
libssh2-1-dev
Purl
pkg:deb/tuxcare/libssh2-1-dev?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.5.0-2ubuntu0.1+tuxcare.els3

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1776855642.json"