Package        : libssh2
Version        : 1.4.3-4.1+deb8u6
CVE ID         : CVE-2019-17498
Debian Bug     : 943562

In libssh2, SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.

For Debian 8 "Jessie", this problem has been fixed in version 1.4.3-4.1+deb8u6.

We recommend that you upgrade your libssh2 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
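
The class of defect described above, as an added illustration that is not libssh2's code or the Debian patch: a length check whose unsigned subtraction wraps, next to a form that cannot wrap. It assumes the SSH disconnect layout (type, reason code, length-prefixed description, length-prefixed language tag); the function names and sample packets are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Big-endian uint32, the SSH wire encoding for lengths. */
static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Layout: type(1) reason(4) desc_len(4) desc lang_len(4) lang.
 * Both functions return the offset of lang_len, or -1 to reject. */

/* Flawed (hypothetical): len - 13 is unsigned, so for len 9..12 it
 * wraps to a huge value and every desc_len passes the check. */
long long lang_offset_flawed(const unsigned char *pkt, size_t len)
{
    uint32_t desc_len;
    if (len < 9) return -1;
    desc_len = be32(pkt + 5);
    if (desc_len <= len - 13)
        return 9 + (long long)desc_len;
    return -1;
}

/* Hardened (hypothetical): establish len >= 13 before subtracting. */
long long lang_offset_checked(const unsigned char *pkt, size_t len)
{
    uint32_t desc_len;
    if (len < 13) return -1;
    desc_len = be32(pkt + 5);
    if (desc_len > len - 13) return -1;
    return 9 + (long long)desc_len;
}

/* Constructed sample packets (not captured traffic). */
static const unsigned char TRUNCATED[9] = {1, 0,0,0,2, 0,0x10,0,0};
static const unsigned char WELL_FORMED[15] =
    {1, 0,0,0,2, 0,0,0,2, 'h','i', 0,0,0,0};

int main(void)
{
    printf("truncated:   flawed=%lld checked=%lld\n",
           lang_offset_flawed(TRUNCATED, 9), lang_offset_checked(TRUNCATED, 9));
    printf("well-formed: flawed=%lld checked=%lld\n",
           lang_offset_flawed(WELL_FORMED, 15), lang_offset_checked(WELL_FORMED, 15));
    return 0;
}
```

The flawed variant accepts an offset far past the end of the 9-byte buffer, while the hardened variant rejects the packet and still accepts the well-formed one.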
