Amazon Linux 2 Security Advisory: ALAS-2019-1303
Advisory Release Date: 2019-09-30 22:51 Pacific
Advisory Updated Date: 2019-10-02 23:13 Pacific
An out of bounds read flaw was discovered in libssh2 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory. (CVE-2019-3862 )
Run yum update libssh2 to update your system.