Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Pufferüberlauf in libssh2
Aktuelle Meldungen Distributionen
Name: Pufferüberlauf in libssh2
ID: FEDORA-2015-3757
Distribution: Fedora
Plattformen: Fedora 22
Datum: So, 15. März 2015, 19:33
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1782

Originalnachricht

Name        : libssh2
Product : Fedora 22
Version : 1.5.0
Release : 1.fc22
URL : http://www.libssh2.org/
Summary : A library implementing the SSH2 protocol
Description :
libssh2 is a library implementing the SSH2 protocol as defined by
Internet Drafts: SECSH-TRANS(22), SECSH-USERAUTH(25),
SECSH-CONNECTION(23), SECSH-ARCH(20), SECSH-FILEXFER(06)*,
SECSH-DHGEX(04), and SECSH-NUMBERS(10).

-------------------------------------------------------------------------------
-
Update Information:

This update, to the current upstream release version, contains numerous bug
fixes and enhancements as described in the RELEASE-NOTES file.

These include a security fix for CVE-2015-1782:

A malicious attacker could man in the middle a real server and cause
libssh2-using clients to crash (denial of service) or otherwise read and use completely unintended memory areas in this process. There are no known exploits of this flaw at this time.

See http://www.libssh2.org/adv_20150311.html for further details.
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1199511 - CVE-2015-1782 libssh2: Using SSH_MSG_KEXINIT data
unbounded
https://bugzilla.redhat.com/show_bug.cgi?id=1199511
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update libssh2' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung