FS#44146 : [libssh2] CVE-2015-1782: out-of-bounds access to SSH_MSG

FS#44146 - [libssh2] CVE-2015-1782: out-of-bounds access to SSH_MSG_KEXINIT data

Attached to Project: Arch Linux
Opened by Levente Polyak (anthraxx) - Wednesday, 11 March 2015, 11:24 GMT
Last edited by Dave Reisner (falconindy) - Wednesday, 11 March 2015, 11:51 GMT

Task Type	Bug Report
Category	Security
Status	Closed
Assigned To	No-one
Architecture	All
Severity	High
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	1 Christian Rebischke (Shibumi) (2015-03-13)
Private	No

Details

Description:
It has been reported [0] that libssh2 <= 1.4.3 are vulnerable to out-of-bounds memory access while reading SSH_MSG_KEXINIT data.

Mitigation:
It is recommended to either upgrade to 1.5.0 to mitigate this issue or apply a patch provided in the advisory.

[0] http://www.libssh2.org/adv_20150311.html

This task depends upon

Closed by Dave Reisner (falconindy)
Wednesday, 11 March 2015, 11:51 GMT
Reason for closing: Fixed
Additional comments about closing: testing/libssh2-1.5.0-1

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#44146 - [libssh2] CVE-2015-1782: out-of-bounds access to SSH_MSG_KEXINIT data

Details

Loading...