blob: abd781dc9ae66baf98d8eaf5d05ed41ffdfc69ed (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
<define-tag description>LTS security update</define-tag>
<define-tag moreinfo>
<p>Mariusz Ziulek reported that libssh2, a SSH2 client-side library, was
reading and using the SSH_MSG_KEXINIT packet without doing sufficient
range checks when negotiating a new SSH session with a remote server. A
malicious attacker could man in the middle a real server and cause a
client using the libssh2 library to crash (denial of service) or
otherwise read and use unintended memory areas in this process.</p>
<p>For Debian 6 <q>Squeeze</q>, these issues have been fixed in libssh2 version 1.2.6-1+deb6u1</p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/lts/security/2015/dla-171.data"
# $Id$
|
