The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a “Client: Diffie-Hellman Key Exchange Init” packet.
lists.fedoraproject.org/pipermail/package-announce/2013-February/098065.html
lists.fedoraproject.org/pipermail/package-announce/2013-February/098094.html
secunia.com/advisories/51982
www.libssh.org/2013/01/22/libssh-0-5-4-security-release/
www.ubuntu.com/usn/USN-1707-1
exchange.xforce.ibmcloud.com/vulnerabilities/81595