795 matches found
Debian DSA-3487-1 : libssh2 - security update
Andreas Schneider reported that libssh2, an SSH2 client-side library, passes the number of bytes to a function that expects number of bits during the SSHv2 handshake when libssh2 is to get a suitable value for 'group order' in the Diffie-Hellman negotiation. This weakens significantly the handshake...
[SECURITY] [DSA 3487-1] libssh2 security update
Debian Security Advisory DSA-3487-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 23, 2016 https://www.debian.org/security/faq -...
[SECURITY] [DLA 426-1] libssh2 security update
Package : libssh2 Version : 1.2.6-1+deb6u2 CVE ID : CVE-2016-0787 Andreas Schneider reported that libssh2, an SSH2 protocol implementation used by many applications, did not generate sufficiently long Diffie-Hellman secrets. This vulnerability could be exploited by an...
DSA-3487-1 libssh2 - security update
Bulletin has no description...
DLA-426-1 libssh2 - security update
Bulletin has no description...
Scientific Linux Security Update : libssh2 on SL7.x x86_64 (20151119)
A flaw was found in the way the kex_agree_methods() function of libssh2 performed a key exchange when negotiating a new SSH session. A man-in-the-middle attacker could use a crafted SSH_MSG_KEXINIT packet to crash a connecting libssh2 client. (CVE-2015-1782) This update also fixes the following bugs : -...
libssh2 security update
CentOS Errata and Security Advisory CESA-2015:2140 Updated libssh2 packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base scor...
Security fix for the ALT Linux 8 package libssh2 version 1.4.3-alt2
Nov. 25, 2015 Anton V. Boyarshinov 1.4.3-alt2 - CVE-2015-1782 fixed...
Oracle: Security Advisory (ELSA-2015-2140)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 7 : libssh2 (ELSA-2015-2140)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2015-2140 advisory. - check length of data extracted from the SSH_MSG_KEXINIT packet (CVE-2015-1782) Tenable has extracted the preceding description block directly from the Oracle Linu...
libssh2 security and bug fix update
1.4.3-10 - check length of data extracted from the SSH_MSG_KEXINIT packet (CVE-2015-1782); 1.4.3-9 - curl consumes too much memory during scp download (1080459) - prevent a not-connected agent from closing STDIN (1147717)...
RedHat Update for libssh2 RHSA-2015:2140-07
The remote host is missing an update for the...
Low: Red Hat Security Advisory: libssh2 security and bug fix update
Updated libssh2 packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
libssh2: Using SSH_MSG_KEXINIT data unbounded
A flaw was found in the way the kex_agree_methods() function of libssh2 performed a key exchange when negotiating a new SSH session. A man-in-the-middle attacker could use a crafted SSH_MSG_KEXINIT packet to crash a connecting libssh2 client...
RHEL 7 : libssh2 (RHSA-2015:2140)
Updated libssh2 packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
FreeBSD : libssh2 -- denial of service vulnerability (9770d6ac-614d-11e5-b379-14dae9d210b8)
Mariusz Ziulek reports : A malicious attacker could man in the middle a real server and cause libssh2 using clients to crash (denial of service) or otherwise read and use completely unintended memory areas in this process. (C) Tenable Network Security, Inc. The descriptive text an...
Fedora Update for libssh2 FEDORA-2015-3757
The remote host is missing an update for the...
libssh2: out-of-bounds read
When negotiating a new SSH session with a remote server, one of libssh2's functions for doing the key exchange (kex_agree_methods()) was naively reading data from the incoming packet and using it without doing sufficient range checks. The SSH_MSG_KEXINIT packet arrives to libssh2 with a set of strings,...
Fedora 20 : libssh2-1.5.0-1.fc20 (2015-3791)
This update, to the current upstream release version, contains numerous bug fixes and enhancements as described in the RELEASE-NOTES file. These include a security fix for CVE-2015-1782 : A malicious attacker could man in the middle a real server and cause libssh2-using clients to crash (denial of...
Fedora Update for libssh2 FEDORA-2015-3791
The remote host is missing an update for the...