Security: Buffer overflow in libssh2
Name: Buffer overflow in libssh2
ID: FEDORA-2015-3791
Distribution: Fedora
Platforms: Fedora 20
Date: Mon, 30 March 2015, 09:19
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1782
Applications: libssh2

Original message
Name        : libssh2
Product     : Fedora 20
Version     : 1.5.0
Release     : 1.fc20
URL         : http://www.libssh2.org/
Summary     : A library implementing the SSH2 protocol
Description :
libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS(22), SECSH-USERAUTH(25), SECSH-CONNECTION(23), SECSH-ARCH(20), SECSH-FILEXFER(06)*, SECSH-DHGEX(04), and SECSH-NUMBERS(10).

--------------------------------------------------------------------------------
Update Information:

This update, to the current upstream release version, contains numerous bug fixes and enhancements as described in the RELEASE-NOTES file.

These include a security fix for CVE-2015-1782:

A malicious attacker could man in the middle a real server and cause libssh2-using clients to crash (denial of service) or otherwise read and use completely unintended memory areas in this process. There are no known exploits of this flaw at this time.

See http://www.libssh2.org/adv_20150311.html for further details.

--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 11 2015 Paul Howarth <paul@city-fan.org> - 1.5.0-1
- Update to 1.5.0
- See RELEASE-NOTES for details of bug fixes and enhancements
- Security Advisory for CVE-2015-1782, using SSH_MSG_KEXINIT data unbounded
* Fri Oct 10 2014 Kamil Dudka <kdudka@redhat.com> 1.4.3-10
- prevent a not-connected agent from closing STDIN (#1147717)
* Wed Apr 30 2014 Kamil Dudka <kdudka@redhat.com> 1.4.3-9
- Fix curl's excessive memory consumption during scp download

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1199511 - CVE-2015-1782 libssh2: Using SSH_MSG_KEXINIT data unbounded
https://bugzilla.redhat.com/show_bug.cgi?id=1199511

--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update libssh2' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys

--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
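
The changelog above describes CVE-2015-1782 as "using SSH_MSG_KEXINIT data unbounded". The following C example is added here for illustration and is neither libssh2's code nor part of the advisory: it parses a KEXINIT payload in the RFC 4253 layout and checks every declared name-list length against the bytes remaining in the packet. All function and struct names are hypothetical, and the sample packet is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SSH_MSG_KEXINIT 20   /* RFC 4253 message number */
#define COOKIE_LEN 16
#define NAMELISTS 10
struct namelist { const uint8_t *data; uint32_t len; };

/* Parse a KEXINIT payload. Returns 0, or -1 if any field would run past pkt_len. */
int parse_kexinit(const uint8_t *pkt, size_t pkt_len, struct namelist out[NAMELISTS])
{
    const uint8_t *p = pkt, *end = pkt + pkt_len;
    if (pkt_len < 1 + COOKIE_LEN || p[0] != SSH_MSG_KEXINIT) return -1;
    p += 1 + COOKIE_LEN;
    for (int i = 0; i < NAMELISTS; i++) {
        if ((size_t)(end - p) < 4) return -1;            /* no room for the length */
        uint32_t len = (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 |
                       (uint32_t)p[2] << 8 | p[3];
        p += 4;
        if (len > (size_t)(end - p)) return -1;          /* declared length exceeds packet */
        out[i].data = p; out[i].len = len;
        p += len;
    }
    return (size_t)(end - p) >= 5 ? 0 : -1;  /* boolean + uint32 reserved must remain */
}

/* Constructed sample: every name-list holds "none"; list lie_at (-1 for none)
   declares lie_len bytes instead of 4. buf must hold 102 bytes. */
size_t make_kexinit(uint8_t *buf, int lie_at, uint32_t lie_len)
{
    size_t n = 0;
    buf[n++] = SSH_MSG_KEXINIT;
    memset(buf + n, 0xA5, COOKIE_LEN); n += COOKIE_LEN;
    for (int i = 0; i < NAMELISTS; i++) {
        uint32_t len = (i == lie_at) ? lie_len : 4;
        for (int s = 24; s >= 0; s -= 8) buf[n++] = (uint8_t)(len >> s);
        memcpy(buf + n, "none", 4); n += 4;
    }
    memset(buf + n, 0, 5); n += 5;           /* first_kex_packet_follows, reserved */
    return n;
}

int main(void)
{
    uint8_t buf[128];
    struct namelist nl[NAMELISTS];
    printf("honest: %d\n", parse_kexinit(buf, make_kexinit(buf, -1, 0), nl));
    printf("lying length: %d\n", parse_kexinit(buf, make_kexinit(buf, 3, 4096), nl));
}
```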