Nom du paquet
libssh
Date
2013-04-05
Advisory ID
MDVSA-2013:045
Affected versions
MBS1 x86_64

Problem description

Updated libssh packages fix security vulnerabilities:

Multiple double free flaws, buffer overflow flaws, invalid free
flaws, and improper overflow checks in libssh before 0.5.3 could
enable a denial of service attack against libssh clients, or possibly
arbitrary code execution (CVE-2012-4559, CVE-2012-4560, CVE-2012-4561
and CVE-2012-4562).

Yong Chuan Koh discovered that libssh incorrectly handled certain
negotiation requests. A remote attacker could use this to cause libssh
to crash, resulting in a denial of service (CVE-2013-0176).

Updated packages

MBS1 x86_64

 75e5b89f0a5d0eda3bbb0f2c97568cc8  mbs1/x86_64/lib64ssh4-0.5.2-2.1.mbs1.x86_64.rpm
 4dc1a2ba2f6148f774fcddef1d32b7b5  mbs1/x86_64/lib64ssh-devel-0.5.2-2.1.mbs1.x86_64.rpm 
 519a8c2a9c8bab7c31537cdef43c2cfd  mbs1/SRPMS/libssh-0.5.2-2.1.mbs1.src.rpm

References