#14853: libssh2 security fix
-------------------------+-----------------------
 Reporter:  ken@…        |      Owner:  blfs-book
     Type:  enhancement  |     Status:  new
 Priority:  normal       |  Milestone:  10.2
Component:  BOOK         |    Version:  SVN
 Severity:  normal       |   Keywords:
-------------------------+-----------------------
 In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in
 packet.c has an integer overflow in a bounds check, enabling an attacker
 to specify an arbitrary (out-of-bounds) offset for a subsequent memory
 read. A crafted SSH server may be able to disclose sensitive information
 or cause a denial of service condition on the client system when a user
 connects to the server.

 This has been fixed upstream but there is no newer release.

 CVE-2019-17498

--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/14853>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
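
Added example, not part of the ticket and not libssh2's code: a simplified C illustration of the bug class described above, an integer overflow in a bounds check on a peer-supplied length, next to a check that cannot wrap. The struct, the function names and the packet bytes are hypothetical and constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical cursor over one received packet (illustrative names). */
struct cursor {
    const unsigned char *data; /* start of the packet */
    size_t len;                /* bytes actually received */
    size_t off;                /* bytes consumed so far */
};

/* Flawed: the sum is computed in 32 bits, so a large peer-supplied
 * length wraps it to a small value that passes the comparison. */
static int check_len_flawed(const struct cursor *c, uint32_t want)
{
    uint32_t end = (uint32_t)c->off + want; /* may wrap around */
    return end <= c->len;
}

/* Hardened: compare the untrusted length with the bytes remaining,
 * so no arithmetic is done on the untrusted value. */
static int check_len_safe(const struct cursor *c, uint32_t want)
{
    return c->off <= c->len && want <= c->len - c->off;
}

/* Read a big-endian u32 length, then that many bytes. 0 on success. */
static int get_string(struct cursor *c, const unsigned char **s, uint32_t *n)
{
    if (!check_len_safe(c, 4)) return -1;
    const unsigned char *p = c->data + c->off;
    *n = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
         ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    c->off += 4;
    if (!check_len_safe(c, *n)) return -1; /* length exceeds the packet */
    *s = c->data + c->off;
    c->off += *n;
    return 0;
}

int main(void)
{
    /* Constructed packet: declared length 0xFFFFFFFC, 4 bytes present. */
    const unsigned char pkt[] = {0xFF, 0xFF, 0xFF, 0xFC, 'a', 'b', 'c', 'd'};
    struct cursor c = {pkt, sizeof pkt, 4};
    printf("flawed=%d safe=%d\n", check_len_flawed(&c, 0xFFFFFFFCu),
           check_len_safe(&c, 0xFFFFFFFCu));
    return 0;
}
```

The flawed check accepts the oversized length because 4 + 0xFFFFFFFC wraps to 0, while the hardened check rejects it and `get_string` returns an error instead of handing back a pointer past the packet.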