1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4431-1] libssh2 security update

    From Salvatore Bonaccorso@1:229/2 to All on Sat Apr 13 15:20:01 2019
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4431-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso
    April 13, 2019 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : libssh2
    CVE ID : CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858
    CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862
    CVE-2019-3863
    Debian Bug : 924965

    Chris Coulson discovered several vulnerabilities in libssh2, a SSH2
    client-side library, which could result in denial of service,
    information leaks or the execution of arbitrary code.

    For the stable distribution (stretch), these problems have been fixed in version 1.7.0-1+deb9u1.

    We recommend that you upgrade your libssh2 packages.

    For the detailed security status of libssh2 please refer to its security tracker page at:
    https://security-tracker.debian.org/tracker/libssh2

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlyx3z9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0QuJQ/+OXoYuhuUFBmpw6JJQElM98wGGsQnr+DEBcNKBrXNyZTfh2jZgZ2C+Loz 1BHewzhBWWCLPyVduTaW0xnQksfBGkiKoEQosdaFARtwgjfGw+hEOvZifm1CIxbM 8SlIbeXEDUeS+cMrzk92kOZ5CJt7y1v/bRdqshQ+i2jNj1bWUju5w4N15h+WIdSe C/QPiVcht9pHTdV4HP6J4kONbRNOfCBtafac1dGFqfu1bG4XhgNhrWUUkyAvlMJ7 GLuWxZp6k8XW8svTWwlqzuBaRh6IYDq/lFdl4hbZH5BDfrAa1F91DwV24316/9AJ qsltmm/9F7MSg8Pg3ENkip2EV8Az/dwpwMXXjo2nvYVQ5eifg3Z8/8rxg20bE/jM r99Y+5TyQMtNRmUVZ0qmifYNwocniBEK3pgrgpUYeQFF+3d8IpmlA1YY6m+APMvv Nv6s8P0VPpzzyT9wlVb4SZxETRRfhSSOIXH56elrEcKhI0hJMpPqYy37x6Ffl1UY XQq59S3veIjyVPk2pKbvz69hLdg/HEVLOb4sxqeNUtowfLfgsDLr7Hvt+ZjKXqR5 xyxQFPV06m0UWIPih55f11TcK3INResR+KnzN+r5E5gmOT2qdL3L76jG6DwmJdm6 qLYAU1EokRLv+l403jrVM4H5N7MPd+Ti+95W6nT0IUNV/DHtbbM=
    =scVb
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)