
Debian-LTS alert DLA-171-1 (libssh2)

From:  Thorsten Alteholz <debian@alteholz.de>
To:  debian-lts-announce@lists.debian.org
Subject:  [SECURITY] [DLA 171-1] libssh2 security update
Date:  Sat, 14 Mar 2015 19:15:50 +0100 (CET)
Message-ID:  <alpine.DEB.2.02.1503141914450.13880@jupiter.server.alteholz.net>

Package        : libssh2
Version        : 1.2.6-1+deb6u1
CVE ID         : CVE-2015-1782
Debian Bug     : 780249

Mariusz Ziulek reported that libssh2, a SSH2 client-side library, was
reading and using the SSH_MSG_KEXINIT packet without doing sufficient
range checks when negotiating a new SSH session with a remote server.
A malicious attacker could man in the middle a real server and cause
a client using the libssh2 library to crash (denial of service) or
otherwise read and use unintended memory areas in this process.

