Mageia alert MGASA-2012-0344 (libssh) [LWN.net]


From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2012-0344: libssh-0.4.7-1.1.mga1 (1/core),
 libssh-0.5.2-1.1.mga2 (2/core) 
Date:
    	       Thu, 29 Nov 2012 22:13:54 +0100
Message-ID:
    	       <20121129211354.GA10761@valstar.mageia.org>
Archive-link:
    	       Article, Thread
              
MGASA-2012-0344
Date: 	November 29th, 2012
Affected releases: 	1, 2


Description:
Updated libssh packages fix security vulnerabilities:

Multiple double free flaws, buffer overflow flaws, invalid free flaws,
and improper overflow checks in libssh before 0.5.3 could enable a denial
of service attack against libssh clients, or possibly arbitrary code
execution (CVE-2012-4559, CVE-2012-4560, CVE-2012-4561 and
CVE-2012-4562).


Updated Packages:
Mageia 1:
lib(64)ssh4-0.4.7-1.1.mga1
lib(64)ssh-devel-0.4.7-1.1.mga1

Mageia 2:
lib(64)ssh4-0.5.2-1.1.mga2
lib(64)ssh-devel-0.5.2-1.1.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4559

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4560

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4561

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4562

http://www.libssh.org/2012/11/20/libssh-0-5-3-security-re...
http://www.ubuntu.com/usn/usn-1640-1/

https://bugs.mageia.org/show_bug.cgi?id=8188

https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...
(Log in to post comments)