[SECURITY] [DLA 1991-1] libssh2 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1991-1] libssh2 security update
From: Abhijith PA <abhijith@disroot.org>
Date: Wed, 13 Nov 2019 20:24:07 +0530
Message-id: <[🔎] 278e81e9-24ef-d60b-0898-e71f286e9520@disroot.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libssh2
Version        : 1.4.3-4.1+deb8u6
CVE ID         : CVE-2019-17498
Debian Bug     : 943562


In libssh2, SSH_MSG_DISCONNECT logic in packet.c has an integer
overflow in a bounds check, enabling an attacker to specify an
arbitrary (out-of-bounds) offset for a subsequent memory read. A
crafted SSH server may be able to disclose sensitive information or
cause a denial of service condition on the client system when a user
connects to the server

For Debian 8 "Jessie", this problem has been fixed in version
1.4.3-4.1+deb8u6.

We recommend that you upgrade your libssh2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAl3MGQYACgkQhj1N8u2c
KO/U/g//Utbl1kntCYxixgzsuUTht2zIldluvSsHXDSLGqavA8WVdECv35oDc+kE
bMzu42MptkEP4O55cS5vMLAuGl2zbhuEbDMbPaBYZ1oHd1OTMg7Pl9hCL7W6IuVI
WIjLClh6W++4O6Gk9VKsFOUOU+8awhvLX9+co9md6ZWADmYonE3BdyshW5XwSjn+
OIfVOwPtFvIMmwnOeqUj72pIs7GTpwx7o0+9qUyNkunmKpp5rFTqNEzK8vAQgpti
Ec03RP/zdVgNxNF1oAZMdj7J5aOv2UBUH+dqMMrhJmYsJ2igthPEOCgRrPFkukfB
XCsEw/bQDBQQk41/1TKs83QzMpBwYZDHkuyDxAnKL9Yu+qSWkp1VMJ2fxQdY9OZS
+DSIn+z0lwj/1C6KzufMYdHahGRup3H83HV/+7lwhFFLolCL8JVFLWzJHy1jHCUP
80U8oZiQDpbpsVin6l8wjuwMToMZtCCqT2/0S5ZPkmxSBV+bRfKcSXfdkVDXw6xx
qrWTtrdLzZdkuG3Bz9JTxezgy9lMjmYWorJCbWNEvHNHcQ2sw4UQ9IxqnUNsRK1a
X5SzyUMVQgpUX9pS7qEVSQkX1TEkwKzCPaOgbKyw+KE5NyutHlVBqZvCPTal85cc
A6C5wQf0K9OF7W5E7938hTSDLiDh+jM4270vxTf6fHu/XJ4vBpI=
=F0/Z
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1989-1] linux security update
Next by Date: [SECURITY] [DLA 1990-1] linux-4.9 security update
Previous by thread: [SECURITY] [DLA 1989-1] linux security update
Next by thread: [SECURITY] [DLA 1990-1] linux-4.9 security update
Index(es):
- Date
- Thread