FS#44146 - [libssh2] CVE-2015-1782: out-of-bounds access to SSH_MSG_KEXINIT data

Attached to Project: Arch Linux
Opened by Levente Polyak (anthraxx) - Wednesday, 11 March 2015, 11:24 GMT
Last edited by Dave Reisner (falconindy) - Wednesday, 11 March 2015, 11:51 GMT
Task Type Bug Report
Category Security
Status Closed
Assigned To No-one
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description:
It has been reported [0] that libssh2 <= 1.4.3 are vulnerable to out-of-bounds memory access while reading SSH_MSG_KEXINIT data.

Mitigation:
It is recommended to either upgrade to 1.5.0 to mitigate this issue or apply a patch provided in the advisory.

[0] http://www.libssh2.org/adv_20150311.html
This task depends upon

Closed by  Dave Reisner (falconindy)
Wednesday, 11 March 2015, 11:51 GMT
Reason for closing:  Fixed
Additional comments about closing:  testing/libssh2-1.5.0-1

Loading...