From Mageia wiki
Jump to: navigation, search

MGASA-2013-0033

Date: February 6th, 2013
Affected releases: 2
Media: Core


Description:
Updated libssh packages fix security vulnerability:

Yong Chuan Koh discovered that libssh incorrectly handled certain
negotiation requests. A remote attacker could use this to cause libssh
to crash, resulting in a denial of service (CVE-2013-0176).


Updated Packages:
i586:
libssh4-0.5.2-1.2.mga2.i586.rpm
libssh-devel-0.5.2-1.2.mga2.i586.rpm
libssh-debug-0.5.2-1.2.mga2.i586.rpm

x86_64:
lib64ssh4-0.5.2-1.2.mga2.x86_64.rpm
lib64ssh-devel-0.5.2-1.2.mga2.x86_64.rpm
libssh-debug-0.5.2-1.2.mga2.x86_64.rpm

SRPMS:
libssh-0.5.2-1.2.mga2.src.rpm


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0176
http://www.libssh.org/2013/01/22/libssh-0-5-4-security-release/
http://www.ubuntu.com/usn/usn-1707-1/
https://bugs.mageia.org/show_bug.cgi?id=8880