Advisories » MGASA-2015-0014

Updated libssh packages fix CVE-2014-8132

Publication date: 08 Jan 2015
Modification date: 08 Jan 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-8132

Description

Updated libssh packages fix security vulnerability:

Double free vulnerability in the ssh_packet_kexinit function in kex.c in
libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial
of service via a crafted kexinit packet (CVE-2014-8132).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=14957
• https://lists.fedoraproject.org/pipermail/package-announce/2015-January/147464.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8132

SRPMS

4/core

• libssh-0.5.5-2.2.mga4