MGASA-2015-0209 Updated libssh packages fix CVE-2015-3146

Updated libssh packages fix security vulnerability: libssh versions 0.5.1 and above, but before 0.6.5, have a logical error in the handling of a SSHMSGNEWKEYS and SSHMSGKEXDHREPLY package. A detected error did not set the session into the error state correctly and further processed the packet whi...

Updated libssh packages fix CVE-2015-3146

Updated libssh packages fix security vulnerability: libssh versions 0.5.1 and above, but before 0.6.5, have a logical error in the handling of a SSHMSGNEWKEYS and SSHMSGKEXDHREPLY package. A detected error did not set the session into the error state correctly and further processed the packet whi...

FreeBSD : libssh -- NULL pointer dereference (0b040e24-f751-11e4-b24d-5453ed2e2b49)

Andreas Schneider reports : libssh versions 0.5.1 and above have a logical error in the handling of a SSHMSGNEWKEYS and SSHMSGKEXDHREPLY package. A detected error did not set the session into the error state correctly and further processed the packet which leads to a NULL pointer dereference. Thi...

libssh 'ssh_packet_kexdh_init()' denial of service vulnerability

libssh is a C library that implements the SSH2 protocol. In versions of libssh before 0.6.5, an error in the "sshpacketkexdhinit" function src/server.c when processing SSHMSGNEWKEYS and SSHMSGKEXDHREPLY packets can be exploited to cause a denial of service...

libssh -- null pointer dereference

Andreas Schneider reports: libssh versions 0.5.1 and above have a logical error in the handling of a SSHMSGNEWKEYS and SSHMSGKEXDHREPLY package. A detected error did not set the session into the error state correctly and further processed the packet which leads to a null pointer dereference. This...

The vulnerability of the Gentoo Linux operating system allows a malicious individual to compromise the confidentiality of protected information.

The vulnerability of the libssh package up to version 0.6.3 in the Gentoo Linux operating system can lead to a violation of the confidentiality of protected information. This vulnerability can be exploited locally...

Vulnerabilities of the Gentoo Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the libssh package up to version 0.5.3 of the Gentoo Linux operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

Vulnerabilities in the OpenSUSE operating system that allow malicious actors to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the libssh-devel package of the OpenSUSE operating system can lead to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

Vulnerabilities in the OpenSUSE operating system that allow malicious actors to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the libssh-devel-doc package of the OpenSUSE operating system can be exploited, leading to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

[slackware-security] libssh

New libssh packages are available for Slackware 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/libssh-0.6.4-i486-1slack14.1.txz: Upgraded. This update fixes some security issues. For more information, see:...

Slackware 14.0 / 14.1 / current : libssh (SSA:2015-111-04)

New libssh packages are available for Slackware 14.0, 14.1, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2015-111-04. The text itself is copyright C...

Mandriva Linux Security Advisory : libssh (MDVSA-2015:086)

Updated libssh packages fix security vulnerabilities : When using libssh before 0.6.3, a libssh-based server, when accepting a new connection, forks and the child process handles the request. The RANDbytes function of openssl doesn't reset its state after the fork, but simply adds the current...

Ubuntu: Security Advisory (USN-2478-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu Patches Several Security Flaws

Ubuntu has released a number of patches for security vulnerabilities in several versions of the OS, including some remote code execution flaws in Thunderbird, which is included with Ubuntu. Thunderbird is Mozilla’s email client, and the company recently fixed several memory corruption...

Ubuntu 14.04 LTS : libssh vulnerability (USN-2478-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2478-1 advisory. It was discovered that libssh incorrectly handled certain kexinit packets. A remote attacker could possibly use this issue to cause libssh to crash, resulting in ...

USN-2478-1: libssh vulnerability

It was discovered that libssh incorrectly handled certain kexinit packets. A remote attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service...

USN-2478-1 libssh vulnerability

It was discovered that libssh incorrectly handled certain kexinit packets. A remote attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service...

libssh: denial of service

It was discovered that a double free vulnerability in the sshpacketkexinit function in kex.c allows remote attackers to cause a denial of service via a crafted kexinit packet...

Libssh ssh_packet_kexinit() Double-free Memory DoS

The remote libssh server contains a double-free memory flaw in the sshpacketkexinit function in kex.c. A remote attacker, with a specially crafted SSHMSGKEXINIT packet, can cause a denial of service. TRUSTED...

Mandriva Linux Security Advisory : libssh (MDVSA-2015:020)

Updated libssh packages fix security vulnerability : Double free vulnerability in the sshpacketkexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet CVE-2014-8132. %NASLMINLEVEL 70300 C Tenable Network...