Mageia: 2019-0343 Moderate: Libssh2 Integer Overflow Issue
mageia
November 30, 2019
The updated packages fix a security vulnerability: In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enab...
Summary
The updated packages fix a security vulnerability:
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in
packet.c has an integer overflow in a bounds check, enabling an attacker
to specify an arbitrary (out-of-bounds) offset for a subsequent memory
read. A crafted SSH server may be able to disclose sensitive information
or cause a denial of service condition on the client system when a user
connects to the server. (CVE-2019-17498)
References
- https://bugs.mageia.org/show_bug.cgi?id=25704
- https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html
- https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943562
- https://security-tracker.debian.org/tracker/CVE-2019-17498
- https://www.cve.org/CVERecord?id=CVE-2019-17498
Resolution
SRPMS
- 7/core/libssh2-1.8.2-1.1.mga7
PREVIOUS
NEXT
Publication date: 30 Nov 2019
URL: https://advisories.mageia.org/MGASA-2019-0343.html
Type: security
CVE: CVE-2019-17498
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!