Advisories ยป MGASA-2015-0107

Updated libssh2 packages fix CVE-2015-1782

Publication date: 12 Mar 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-1782


Updated libssh2 packages fix security vulnerability:

Mariusz Ziulek reported that libssh2, a SSH2 client-side library, was reading
and using the SSH_MSG_KEXINIT packet without doing sufficient range checks
when negotiating a new SSH session with a remote server. A malicious attacker
could man in the middle a real server and cause a client using the libssh2
library to crash (denial of service) or otherwise read and use unintended
memory areas in this process (CVE-2015-1782).