MGASA-2013-0033
Date: | February 6th, 2013 |
Affected releases: | 2 |
Media: | Core |
Description:
Updated libssh packages fix security vulnerability:
Yong Chuan Koh discovered that libssh incorrectly handled certain
negotiation requests. A remote attacker could use this to cause libssh
to crash, resulting in a denial of service (CVE-2013-0176).
Updated Packages:
i586:
libssh4-0.5.2-1.2.mga2.i586.rpm
libssh-devel-0.5.2-1.2.mga2.i586.rpm
libssh-debug-0.5.2-1.2.mga2.i586.rpm
x86_64:
lib64ssh4-0.5.2-1.2.mga2.x86_64.rpm
lib64ssh-devel-0.5.2-1.2.mga2.x86_64.rpm
libssh-debug-0.5.2-1.2.mga2.x86_64.rpm
SRPMS:
libssh-0.5.2-1.2.mga2.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0176
http://www.libssh.org/2013/01/22/libssh-0-5-4-security-release/
http://www.ubuntu.com/usn/usn-1707-1/
https://bugs.mageia.org/show_bug.cgi?id=8880