MGASA-2023-0184 Updated libssh packages fix security vulnerability

Potential NULL dereference during rekeying with algorithm guessing. CVE-2023-1667 Authorization bypass in pkiverifydatasignature. CVE-2023-2283...

MGASA-2020-0324 Updated libssh packages fix security vulnerability

The code in src/sftpserver.c did not verify the validity of certain pointers and expected them to be valid. A NULL pointer dereference could have been occurred that typically causes a crash and thus a denial-of-service CVE-2020-16135...

MGASA-2020-0171 Updated libssh packages fix security vulnerability

Updated libssh packages fix security vulnerability: A malicious client or server could crash the counterpart implemented with libssh AES-CTR ciphers are used and don't get fully initialized. It will crash when it tries to cleanup the AES-CTR ciphers when closing the connection CVE-2020-1730...

MGASA-2019-0402 Updated libssh packages fix security vulnerability

Updated libssh packages fix security vulnerability: In an environment where a user is only allowed to copy files and not to execute applications, it would be possible to pass a location which contains commands to be executed in addition CVE-2019-14889...

MGASA-2015-0209 Updated libssh packages fix CVE-2015-3146

Updated libssh packages fix security vulnerability: libssh versions 0.5.1 and above, but before 0.6.5, have a logical error in the handling of a SSHMSGNEWKEYS and SSHMSGKEXDHREPLY package. A detected error did not set the session into the error state correctly and further processed the packet whi...

MGASA-2015-0014 Updated libssh packages fix CVE-2014-8132

Updated libssh packages fix security vulnerability: Double free vulnerability in the sshpacketkexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet CVE-2014-8132...