Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-3182-1:7E1C7
HistoryMar 11, 2015 - 11:04 a.m.

[SECURITY] [DSA 3182-1] libssh2 security update

2015-03-1111:04:21
lists.debian.org
16

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

Debian Security Advisory DSA-3182-1 [email protected]
http://www.debian.org/security/ Salvatore Bonaccorso
March 11, 2015 http://www.debian.org/security/faq

Package : libssh2
CVE ID : CVE-2015-1782
Debian Bug : 780249

Mariusz Ziulek reported that libssh2, a SSH2 client-side library, was
reading and using the SSH_MSG_KEXINIT packet without doing sufficient
range checks when negotiating a new SSH session with a remote server. A
malicious attacker could man in the middle a real server and cause a
client using the libssh2 library to crash (denial of service) or
otherwise read and use unintended memory areas in this process.

For the stable distribution (wheezy), this problem has been fixed in
version 1.4.2-1.1+deb7u1.

We recommend that you upgrade your libssh2 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian7sparclibssh2-1-dbg< 1.4.2-1.1+deb7u1libssh2-1-dbg_1.4.2-1.1+deb7u1_sparc.deb
Debian7armellibssh2-1-dbg< 1.4.2-1.1+deb7u1libssh2-1-dbg_1.4.2-1.1+deb7u1_armel.deb
Debian7sparclibssh2-1< 1.4.2-1.1+deb7u1libssh2-1_1.4.2-1.1+deb7u1_sparc.deb
Debian7mipsellibssh2-1< 1.4.2-1.1+deb7u1libssh2-1_1.4.2-1.1+deb7u1_mipsel.deb
Debian7mipslibssh2-1-dev< 1.4.2-1.1+deb7u1libssh2-1-dev_1.4.2-1.1+deb7u1_mips.deb
Debian7armellibssh2-1-dev< 1.4.2-1.1+deb7u1libssh2-1-dev_1.4.2-1.1+deb7u1_armel.deb
Debian6i386libssh2-1-dev< 1.2.6-1+deb6u1libssh2-1-dev_1.2.6-1+deb6u1_i386.deb
Debian7mipsellibssh2-1-dbg< 1.4.2-1.1+deb7u1libssh2-1-dbg_1.4.2-1.1+deb7u1_mipsel.deb
Debian7powerpclibssh2-1-dbg< 1.4.2-1.1+deb7u1libssh2-1-dbg_1.4.2-1.1+deb7u1_powerpc.deb
Debian7amd64libssh2-1-dbg< 1.4.2-1.1+deb7u1libssh2-1-dbg_1.4.2-1.1+deb7u1_amd64.deb
Rows per page:
1-10 of 471

Related

redhat 1
archlinux 1
securityvulns 2
nessus 14
openvas 12
prion 1
oraclelinux 1
ubuntucve 1
cve 1
fedora 3
debian 2
ibm 2
freebsd 1
debiancve 1
altlinux 1
osv 2
mageia 1
centos 1
veracode 1
hackerone 1
redhat
redhat
(RHSA-2015:2140) Low: libssh2 security and bug fix update
2015-11-19 14:40:31
archlinux
archlinux
libssh2: out-of-bounds read
2015-04-09 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 3182-1] libssh2 security update
2015-03-15 00:00:00
libssh2 DoS
2015-03-15 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : libssh2 (MDVSA-2015:148-1)
2015-03-30 00:00:00
FreeBSD : libssh2 -- denial of service vulnerability (9770d6ac-614d-11e5-b379-14dae9d210b8)
2015-09-23 00:00:00
Oracle Linux 7 : libssh2 (ELSA-2015-2140)
2015-11-24 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2015:0669-1)
2021-04-19 00:00:00
Mageia: Security Advisory (MGASA-2015-0107)
2022-01-28 00:00:00
RedHat Update for libssh2 RHSA-2015:2140-07
2015-11-20 00:00:00
prion
prion
Stack overflow
2015-03-13 14:59:00
oraclelinux
oraclelinux
libssh2 security and bug fix update
2015-11-23 00:00:00
ubuntucve
ubuntucve
CVE-2015-1782
2015-03-13 00:00:00
cve
cve
CVE-2015-1782
2015-03-13 14:59:00
fedora
fedora
[SECURITY] Fedora 20 Update: libssh2-1.5.0-1.fc20
2015-03-30 07:12:45
[SECURITY] Fedora 21 Update: libssh2-1.5.0-1.fc21
2015-03-19 18:44:02
[SECURITY] Fedora 22 Update: libssh2-1.5.0-1.fc22
2015-03-15 10:52:44
debian
debian
[SECURITY] [DLA 171-1] libssh2 security update
2015-03-14 18:30:24
[SECURITY] [DSA 3182-1] libssh2 security update
2015-03-11 11:04:38
ibm
ibm
Security Bulletin: Vulnerability in libssh2 affects PowerKVM (CVE-2015-1782)
2018-06-18 01:30:32
Security Bulletin: Vulnerability in libssh2 affects SAN Volume Controller and Storwize Family (CVE-2015-1782)
2023-03-29 01:48:02
freebsd
freebsd
libssh2 -- denial of service vulnerability
2015-01-25 00:00:00
debiancve
debiancve
CVE-2015-1782
2015-03-13 14:59:00
altlinux
altlinux
Security fix for the ALT Linux 8 package libssh2 version 1.4.3-alt2
2015-11-25 00:00:00
osv
osv
libssh2 - security update
2015-03-14 00:00:00
libssh2 - security update
2015-03-11 00:00:00
mageia
mageia
Updated libssh2 packages fix CVE-2015-1782
2015-03-12 18:30:53
centos
centos
libssh2 security update
2015-11-30 19:41:07
veracode
veracode
Denial Of Service (DoS)
2017-01-27 08:55:57
hackerone
hackerone
Imgur: SSRF in https://imgur.com/vidgif/url
2016-02-10 18:53:22

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON
Related for DEBIAN:DSA-3182-1:7E1C7
redhat1archlinux1securityvulns2nessus14openvas12prion1oraclelinux1ubuntucve1cve1fedora3debian2ibm2freebsd1debiancve1altlinux1osv2mageia1centos1veracode1hackerone1