[SECURITY] [DLA 2038-1] libssh security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : libssh
Version : 0.6.3-4+deb8u4
CVE ID : CVE-2019-14889
Debian Bug : 946548
It was found that libssh, a tiny C SSH library, does not sufficiently
sanitize path parameters provided to the server, allowing an attacker
with only SCP file access to execute arbitrary commands on the server.
For Debian 8 "Jessie", this problem has been fixed in version
0.6.3-4+deb8u4.
We recommend that you upgrade your libssh packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAl34zT4ACgkQnUbEiOQ2
gwJIUA/+PXXlcXZb5KgXPkz3vc2C9ZgvXsZAJXGI/+T+mbjeYeVhK80U/QSfaGQ+
wSMdfvXvw/yBOqhql6acRlYdvvxYrHF2jGUuaf0YD39hFCfoGKLDsrzi7qUtYMN5
vaP1XttiXKz3+/iMatVKD0VGZ+HueBz2ovDwlC9bNS06DfzknIszRI+KS3OlHPc+
BGjtJ9psMxiXkloF7b9+3SkZqqJ+J6XnaHBzcVh/vfsC8kxmfn/Yy8jkc1Ul0s+o
74H+uQJftJZL2doVljOteDNj7h2ljGbY63W5ZPm4mUBk5vy8Bj+P0sY2h9v+Yuey
+bx6P+YNojtlwU89n3elpHhudB+zqHOa9accDqSyAvw7FsB7M0E9PM9oEjDdswI1
pd4FBkIEWdIpcoXBWPplKESt+Cz9Y4DiV0mPgYpp73jfH37B7C1afxbOxSn+/J8o
7QLg11NbcoLEnMbnjRa9jyYZG6c5PBPPXksaQP2LrqLuCBQDtSHcsEHkXmG8KGf2
5/Y/n+SwQf/HMozyoybAzhO6Q9K8qL64fz5gONxLZBakS6qKFE1RD9+sCHZBr/dM
AKBUIp+8n0F/aNo6zRL+NVtSN7VShc25gxk80pfH/LjzGVeMgWkyQZ9Etb6Fbv6+
LfLvqKbjLC9kkQTr3sYH/Nv2aABtu2MAIB3D5EGpb2HpzKN0yec=
=LgUv
-----END PGP SIGNATURE-----
Reply to: