MGASA-2019-0343
- Source
- https://advisories.mageia.org/MGASA-2019-0343.html
- Import Source
- https://advisories.mageia.org/MGASA-2019-0343.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2019-0343
- Related
- Published
- 2019-11-30T13:06:06Z
- Modified
- 2019-11-30T12:39:11Z
- Summary
- Updated libssh2 packages fix security vulnerability
- Details
-
The updated packages fix a security vulnerability:
In libssh2 v1.9.0 and earlier versions, the SSHMSGDISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. (CVE-2019-17498)
- References
-
- https://advisories.mageia.org/MGASA-2019-0343.html
- https://bugs.mageia.org/show_bug.cgi?id=25704
- https://www.debian.org/lts/security/2019/dla-1991
- https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943562
- https://security-tracker.debian.org/tracker/CVE-2019-17498
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:7 / libssh2
Package
- Name
- libssh2
- Purl
- pkg:rpm/mageia/libssh2?distro=mageia-7