
[SECURITY] [DLA 171-1] libssh2 security update




Package        : libssh2
Version        : 1.2.6-1+deb6u1
CVE ID         : CVE-2015-1782
Debian Bug     : 780249

Mariusz Ziulek reported that libssh2, an SSH2 client-side library, was
reading and using the SSH_MSG_KEXINIT packet without doing sufficient
range checks when negotiating a new SSH session with a remote server. A
malicious attacker could man-in-the-middle a real server and cause a
client using the libssh2 library to crash (denial of service) or
otherwise read and use unintended memory areas in this process.
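
The kind of range check the advisory refers to, shown as an added example that is not libssh2's code or its patch: a parser for the SSH_MSG_KEXINIT layout in RFC 4253 section 7.1 that rejects any name-list length larger than the bytes actually received. The names parse_kexinit, get_u32 and struct name_list are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

#define SSH_MSG_KEXINIT    20
#define KEXINIT_COOKIE_LEN 16
#define KEXINIT_NAME_LISTS 10   /* RFC 4253 section 7.1 */

/* Hypothetical type: one name-list, pointing into the received buffer. */
struct name_list { const uint8_t *data; uint32_t len; };

/* Read a big-endian uint32 only if 4 bytes remain in the payload. */
static int get_u32(const uint8_t **p, size_t *left, uint32_t *out)
{
    if (*left < 4)
        return -1;
    *out = ((uint32_t)(*p)[0] << 24) | ((uint32_t)(*p)[1] << 16) |
           ((uint32_t)(*p)[2] << 8)  |  (uint32_t)(*p)[3];
    *p += 4;
    *left -= 4;
    return 0;
}

/* Hypothetical helper: returns 0 and fills lists[] on success, or -1 if
 * any field would extend past the end of the received payload. */
int parse_kexinit(const uint8_t *buf, size_t len,
                  struct name_list lists[KEXINIT_NAME_LISTS])
{
    const uint8_t *p = buf;
    size_t left = len;
    uint32_t n, reserved;

    if (left < 1 + KEXINIT_COOKIE_LEN || p[0] != SSH_MSG_KEXINIT)
        return -1;
    p += 1 + KEXINIT_COOKIE_LEN;
    left -= 1 + KEXINIT_COOKIE_LEN;

    for (int i = 0; i < KEXINIT_NAME_LISTS; i++) {
        if (get_u32(&p, &left, &n) != 0)
            return -1;
        if (n > left)            /* peer-supplied length vs. bytes left */
            return -1;
        lists[i].data = p;
        lists[i].len = n;
        p += n;
        left -= n;
    }
    if (left < 1)                /* boolean first_kex_packet_follows */
        return -1;
    p += 1;
    left -= 1;
    return get_u32(&p, &left, &reserved);   /* uint32 reserved */
}
```

Every length is compared against the remaining byte count before the pointer advances, so a peer-supplied value such as 0xFFFFFFFF fails the parse instead of steering later reads outside the packet.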

