Advisories ยป MGASA-2019-0343

Updated libssh2 packages fix security vulnerability

Publication date: 30 Nov 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-17498


The updated packages fix a security vulnerability:

In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in
packet.c has an integer overflow in a bounds check, enabling an attacker
to specify an arbitrary (out-of-bounds) offset for a subsequent memory
read. A crafted SSH server may be able to disclose sensitive information
or cause a denial of service condition on the client system when a user
connects to the server. (CVE-2019-17498)