Package name
libssh
Date
2013-02-09
Advisory ID
MDVSA-2013:009
Affected versions
2011 i586, 2011 x86_64

Problem description

A vulnerability has been found and corrected in libssh:

The publickey_from_privatekey function in libssh before 0.5.4, when
no algorithm is matched during negotiations, allows remote attackers
to cause a denial of service (NULL pointer dereference and crash)
via a "Client: Diffie-Hellman Key Exchange Init" packet (CVE-2013-0176).

The updated packages have been upgraded to the 0.5.4 version which
is not affected by this issue.

Updated packages

2011 i586

 6b77e873216ebd5f4d724c64456c37ad  2011/i586/libssh4-0.5.4-0.1-mdv2011.0.i586.rpm
 a5391c1fccb103b2ebf01a93b1b1d314  2011/i586/libssh-devel-0.5.4-0.1-mdv2011.0.i586.rpm
 6aa21578dc71b57b560098295ac54967  2011/SRPMS/libssh-0.5.4-0.1.src.rpm

2011 x86_64

 701b17b035ae086c363971be3619db4d  2011/x86_64/lib64ssh4-0.5.4-0.1-mdv2011.0.x86_64.rpm
 8300186fa57ddc710be45902dd590e5f  2011/x86_64/lib64ssh-devel-0.5.4-0.1-mdv2011.0.x86_64.rpm
 6aa21578dc71b57b560098295ac54967  2011/SRPMS/libssh-0.5.4-0.1.src.rpm
