-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2303-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany July 31, 2020 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : libssh Version : 0.7.3-2+deb9u3 CVE ID : CVE-2020-16135 The code in src/sftpserver.c did not verify the validity of certain pointers and expected them to be valid. A NULL pointer dereference could have been occurred that typically causes a crash and thus a denial-of-service. For Debian 9 stretch, this problem has been fixed in version 0.7.3-2+deb9u3. We recommend that you upgrade your libssh packages. For the detailed security status of libssh please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libssh Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl8kp6VfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeSlFxAAv+LnIaX/joydb+e6EmWjyVIuyMmbezLgdfi4Eio9dWD9bgPQ7pU1Ppal 08GShiagtic+M2v6n5eaN7Q00L5gCnYgfseDC/3t+NjrbtEA7YmzQo/6YTigH8Ld iVsfqVBqfQO1wR+61bSbYPh/EFaZT9WvbpZxnZQsab5roS5kTSq7ivqOLnO7UIhz gWGls8wGj5/8v6A5LaJSYRT/0rsZHEVqJW/bH2TUPE7N5wH+zmA7vpjBTK1NyjRi 5ZmDxZwd9I2YTjOEu3ySkHoXMG7Bd04yqFRNfOqOR8FZ5I+Qgai6RcqDUXrzJEy8 qbqdmHqHDwXtvs+uYLZLyGyrvtZ6oFPbIZun2cZo7lENG18kCe3Z7bN4x7RNAxdd 5D2trJhnRIcBHPyJgPF+eQUjmosBzggIzypDVmYrzl8lpkQpUWm/upxpf4+NxAP+ Ck8y7vl5O9TjtaCromlQvgb9ebEb8pQogAq6q5UBjMDPQF6UQdQdg5nnJUQzQqrp W49VXkV6nayeonsQg90c55ppjfU9fAilX6En8feJR04y+g4U37emE5YNi6mnTscw RZ5DqsTZn6Ul85i4HPrRVs0kNpj9tf50ZpB4zx+Pr9C38WAdjpsnep1KkTYV4gC/ Io3NPSx2NqLJcQgv2amESyQOaaWZd66lfRrkyquUjc4+V74lqS0= =hVRa -----END PGP SIGNATURE-----
