FS#44148 : [lib32-libssh2] CVE-2015-1782: out-of-bounds access to SSH_MSG

FS#44148 - [lib32-libssh2] CVE-2015-1782: out-of-bounds access to SSH_MSG_KEXINIT data

Attached to Project: Community Packages
Opened by Levente Polyak (anthraxx) - Wednesday, 11 March 2015, 12:02 GMT
Last edited by Doug Newgard (Scimmia) - Wednesday, 11 March 2015, 14:59 GMT

Task Type	Bug Report
Category	Packages: Multilib
Status	Closed
Assigned To	No-one
Architecture	All
Severity	High
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Description:
It has been reported [0] that libssh2 <= 1.4.3 is vulnerable to out-of-bounds memory access while reading SSH_MSG_KEXINIT data.
The related non-lib32 bug: https://bugs.archlinux.org/task/44146

Mitigation:
It is recommended to either upgrade to 1.5.0 to mitigate this issue or apply a patch provided in the advisory.

[0] http://www.libssh2.org/adv_20150311.html

This task depends upon

Closed by Doug Newgard (Scimmia)
Wednesday, 11 March 2015, 14:59 GMT
Reason for closing: Fixed
Additional comments about closing: multilib-testing/lib32-libssh2-1.5.0-1

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#44148 - [lib32-libssh2] CVE-2015-1782: out-of-bounds access to SSH_MSG_KEXINIT data

Details

Loading...