[SECURITY] [DLA 2303-1] libssh security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2303-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Markus Koschany
July 31, 2020 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : libssh
Version : 0.7.3-2+deb9u3
CVE ID : CVE-2020-16135
The code in src/sftpserver.c did not verify the validity of certain
pointers and expected them to be valid. A NULL pointer dereference could
have been occurred that typically causes a crash and thus a
denial-of-service.
For Debian 9 stretch, this problem has been fixed in version
0.7.3-2+deb9u3.
We recommend that you upgrade your libssh packages.
For the detailed security status of libssh please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libssh
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl8kp6VfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeSlFxAAv+LnIaX/joydb+e6EmWjyVIuyMmbezLgdfi4Eio9dWD9bgPQ7pU1Ppal
08GShiagtic+M2v6n5eaN7Q00L5gCnYgfseDC/3t+NjrbtEA7YmzQo/6YTigH8Ld
iVsfqVBqfQO1wR+61bSbYPh/EFaZT9WvbpZxnZQsab5roS5kTSq7ivqOLnO7UIhz
gWGls8wGj5/8v6A5LaJSYRT/0rsZHEVqJW/bH2TUPE7N5wH+zmA7vpjBTK1NyjRi
5ZmDxZwd9I2YTjOEu3ySkHoXMG7Bd04yqFRNfOqOR8FZ5I+Qgai6RcqDUXrzJEy8
qbqdmHqHDwXtvs+uYLZLyGyrvtZ6oFPbIZun2cZo7lENG18kCe3Z7bN4x7RNAxdd
5D2trJhnRIcBHPyJgPF+eQUjmosBzggIzypDVmYrzl8lpkQpUWm/upxpf4+NxAP+
Ck8y7vl5O9TjtaCromlQvgb9ebEb8pQogAq6q5UBjMDPQF6UQdQdg5nnJUQzQqrp
W49VXkV6nayeonsQg90c55ppjfU9fAilX6En8feJR04y+g4U37emE5YNi6mnTscw
RZ5DqsTZn6Ul85i4HPrRVs0kNpj9tf50ZpB4zx+Pr9C38WAdjpsnep1KkTYV4gC/
Io3NPSx2NqLJcQgv2amESyQOaaWZd66lfRrkyquUjc4+V74lqS0=
=hVRa
-----END PGP SIGNATURE-----
Reply to: