1841 matches found
Fedora 21 : libssh-0.6.4-1.fc21 (2014-17324)
Security fix for CVE-2014-8132. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Libssh Double Release Vulnerability
libssh is a C package for accessing SSH services, which allows you to perform remote commands, file transfers, and provide a secure transmission channel for remote programs. A double-release vulnerability exists in libssh, which allows remote attackers to exploit the vulnerability to launch a...
[SECURITY] Fedora 20 Update: libssh-0.6.4-1.fc20
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...
Double free
Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet...
DEBIAN-CVE-2014-8132
Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet...
CVE-2014-8132
Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet...
CVE-2014-8132
CVE-2014-8132 is a double-free vulnerability in libssh’s ssh_packet_kexinit (kex.c) affecting libssh 0.5.x and 0.6.x prior to 0.6.4. A crafted kexinit packet can cause a denial of service over the network. Remediation is to upgrade to libssh 0.6.4 or later; multiple advisories (SUSE, Debian, Gent...
CVE-2014-8132
Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet...
CVE-2014-8132
Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet...
UBUNTU-CVE-2014-8132
Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet...
FreeBSD : libssh -- PRNG state reuse on forking servers (f8c88d50-5fb3-11e4-81bd-5453ed2e2b49)
Aris Adamantiadis reports: When accepting a new connection, the server forks and the child process handles the request. The RAND_bytes function of openssl doesn't reset its state after the fork, but simply adds the current process id (getpid) to the PRNG state, which is not guaranteed to be unique...
OpenSSH 6.6 SFTP (x64) - Command Execution
OpenSSH 6.6 SFTP x64 - Command Execution #define _GNU_SOURCE // THIS PROGRAM IS NOT DESIGNED TO BE SAFE AGAINST VICTIM MACHINES THAT // TRY TO ATTACK BACK, THE CODE IS SLOPPY! // In other words, please don't use this against other people's machines...
GLSA-201408-03 : LibSSH: Information disclosure
The remote host is affected by the vulnerability described in GLSA-201408-03 (LibSSH: Information disclosure). A new connection inherits the state of the PRNG without re-seeding with random data. Impact: Servers using ECC (ECDSA) or DSA certificates in non-deterministic mode may under certain...
LibSSH: Information disclosure
Background: LibSSH is a C library providing SSHv2 and SSHv1. Description: A new connection inherits the state of the PRNG without re-seeding with random data. Impact: Servers using ECC (ECDSA) or DSA certificates in non-deterministic mode may under certain conditions leak their private key. Workaround...
openSUSE Security Update : libssh (openSUSE-SU-2012:1622-1)
This update of libssh fixed various memory management issues that could have security implications (Code execution, Denial of Service). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
openSUSE Security Update : libssh (openSUSE-SU-2012:1620-1)
This update of libssh fixed various memory management issues that could have security implications (Code execution, Denial of Service). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
openSUSE Security Update : libssh (openSUSE-SU-2014:0366-1)
libssh was updated to fix a random generator reseeding issue when forking multiple servers. Forking multiple servers might under some circumstances get them the same random seed state. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...
Security fix for the ALT Linux 8 package libssh version 0.6.3-alt1
March 25, 2014 Sergey V Turchin 0.6.3-alt1 - new version - security fixes: CVE-2014-0017, CVE-2014-0017...
Security fix for the ALT Linux 9 package libssh version 0.6.3-alt1
March 25, 2014 Sergey V Turchin 0.6.3-alt1 - new version - security fixes: CVE-2014-0017, CVE-2014-0017...
Security fix for the ALT Linux 7 package libssh version 0.6.3-alt1
March 25, 2014 Sergey V Turchin 0.6.3-alt1 - new version - security fixes: CVE-2014-0017, CVE-2014-0017...