MDVSA-2013:009

Nome do pacote

libssh

Data

2013-02-09

ID Alerta

MDVSA-2013:009

Versões afetadas

2011 i586 , 2011 x86_64

Descrição do problema

A vulnerability has been found and corrected in libssh:

The publickey_from_privatekey function in libssh before 0.5.4, when
no algorithm is matched during negotiations, allows remote attackers
to cause a denial of service (NULL pointer dereference and crash)
via a Client: Diffie-Hellman Key Exchange Init packet (CVE-2013-0176).

The updated packages have been upgraded to the 0.5.4 version which
is not affected by this issue.

Pacotes atualizados

2011 i586

 6b77e873216ebd5f4d724c64456c37ad  2011/i586/libssh4-0.5.4-0.1-mdv2011.0.i586.rpm
 a5391c1fccb103b2ebf01a93b1b1d314  2011/i586/libssh-devel-0.5.4-0.1-mdv2011.0.i586.rpm 
 6aa21578dc71b57b560098295ac54967  2011/SRPMS/libssh-0.5.4-0.1.src.rpm

2011 x86_64

 701b17b035ae086c363971be3619db4d  2011/x86_64/lib64ssh4-0.5.4-0.1-mdv2011.0.x86_64.rpm
 8300186fa57ddc710be45902dd590e5f  2011/x86_64/lib64ssh-devel-0.5.4-0.1-mdv2011.0.x86_64.rpm 
 6aa21578dc71b57b560098295ac54967  2011/SRPMS/libssh-0.5.4-0.1.src.rpm

Referências

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0176
• http://www.libssh.org/2013/01/22/libssh-0-5-4-security-release/