Oracle: Security Advisory (ELSA-2015-2140)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

libssh2 security and bug fix update

1.4.3-10 - check length of data extracted from the SSHMSGKEXINIT packet CVE-2015-1782 1.4.3-9 - curl consumes too much memory during scp download 1080459 - prevent a not-connected agent from closing STDIN 1147717...

RedHat Update for libssh2 RHSA-2015:2140-07

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Low: Red Hat Security Advisory: libssh2 security and bug fix update

Updated libssh2 packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

libssh2: Using SSH_MSG_KEXINIT data unbounded

A flaw was found in the way the kexagreemethods function of libssh2 performed a key exchange when negotiating a new SSH session. A man-in-the-middle attacker could use a crafted SSHMSGKEXINIT packet to crash a connecting libssh2 client...

RHEL 7 : libssh2 (RHSA-2015:2140)

Updated libssh2 packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

FreeBSD : libssh2 -- denial of service vulnerability (9770d6ac-614d-11e5-b379-14dae9d210b8)

Mariusz Ziulek reports : A malicious attacker could man in the middle a real server and cause libssh2 using clients to crash denial of service or otherwise read and use completely unintended memory areas in this process. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text an...

Fedora Update for libssh2 FEDORA-2015-3757

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of the SUSE Linux Enterprise operating system allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the libssh2 package in the SUSE Linux Enterprise operating system can lead to breaches of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited remotely...

libssh2: out-of-bounds read

When negotiating a new SSH session with a remote server, one of libssh2's functions for doing the key exchange kexagreemethods was naively reading data from the incoming packet and using it without doing sufficient range checks. The SSHMSGKEXINIT packet arrives to libssh2 with a set of strings,...

Fedora Update for libssh2 FEDORA-2015-3791

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 20 : libssh2-1.5.0-1.fc20 (2015-3791)

This update, to the current upstream release version, contains numerous bug fixes and enhancements as described in the RELEASE-NOTES file. These include a security fix for CVE-2015-1782 : A malicious attacker could man in the middle a real server and cause libssh2-using clients to crash denial of...

[SECURITY] Fedora 20 Update: libssh2-1.5.0-1.fc20

libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS22, SECSH-USERAUTH25, SECSH-CONNECTION23, SECSH-ARCH20, SECSH-FILEXFER06, SECSH-DHGEX04, and SECSH-NUMBERS10...

Mandriva Linux Security Advisory : libssh2 (MDVSA-2015:148-1)

Updated libssh2 packages fix security vulnerability : Mariusz Ziulek reported that libssh2, a SSH2 client-side library, was reading and using the SSHMSGKEXINIT packet without doing sufficient range checks when negotiating a new SSH session with a remote server. A malicious attacker could man in t...

Debian DLA-171-1 : libssh2 security update

Mariusz Ziulek reported that libssh2, a SSH2 client-side library, was reading and using the SSHMSGKEXINIT packet without doing sufficient range checks when negotiating a new SSH session with a remote server. A malicious attacker could man in the middle a real server and cause a client using the...

Fedora 21 : libssh2-1.5.0-1.fc21 (2015-3797)

This update, to the current upstream release version, contains numerous bug fixes and enhancements as described in the RELEASE-NOTES file. These include a security fix for CVE-2015-1782 : A malicious attacker could man in the middle a real server and cause libssh2-using clients to crash denial of...

Fedora Update for libssh2 FEDORA-2015-3797

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 21 Update: libssh2-1.5.0-1.fc21

libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS22, SECSH-USERAUTH25, SECSH-CONNECTION23, SECSH-ARCH20, SECSH-FILEXFER06, SECSH-DHGEX04, and SECSH-NUMBERS10...

libssh2 kex_agree_methods function denial of service vulnerability

libssh2 is a C library that implements the SSH2 protocol. A security vulnerability in the libssh2 kexagreemethods function allows an attacker to crash an application via a specially crafted length value in the SSHMSGKEXINIT message...

Fedora 22 : libssh2-1.5.0-1.fc22 (2015-3757)

This update, to the current upstream release version, contains numerous bug fixes and enhancements as described in the RELEASE-NOTES file. These include a security fix for CVE-2015-1782 : A malicious attacker could man in the middle a real server and cause libssh2-using clients to crash denial of...