MGASA-2012-0344
| Date: | November 29th, 2012 |
| Affected releases: | 1, 2 |
Description:
Updated libssh packages fix security vulnerabilities:
Multiple double free flaws, buffer overflow flaws, invalid free flaws,
and improper overflow checks in libssh before 0.5.3 could enable a denial
of service attack against libssh clients, or possibly arbitrary code
execution (CVE-2012-4559, CVE-2012-4560, CVE-2012-4561 and CVE-2012-4562).
Updated Packages:
Mageia 1:
lib(64)ssh4-0.4.7-1.1.mga1
lib(64)ssh-devel-0.4.7-1.1.mga1
Mageia 2:
lib(64)ssh4-0.5.2-1.1.mga2
lib(64)ssh-devel-0.5.2-1.1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4559
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4561
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4562
http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/
http://www.ubuntu.com/usn/usn-1640-1/
https://bugs.mageia.org/show_bug.cgi?id=8188
