UbuntuUpdates.org

Package "libssh"

Name: libssh

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • tiny C SSH library
  • tiny C SSH library. Debug symbols
  • tiny C SSH library. Development files
  • tiny C SSH library. Documentation files

Latest version: 0.5.2-1ubuntu0.12.04.6
Release: precise (12.04)
Level: updates
Repository: main

Other versions of "libssh" in Precise

Repository Area Version
base main 0.5.2-1
security main 0.5.2-1ubuntu0.12.04.6
PPA: Kubuntu-ppa Backports 0.6.1-0ubuntu3~ubuntu12.04~ppa1


Changelog

Version: 0.5.2-1ubuntu0.12.04.6 2016-02-23 17:07:14 UTC

  libssh (0.5.2-1ubuntu0.12.04.6) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via incorrect SSH_MSG_NEWKEYS and
    KEXDH_REPLY packet handling
    - debian/patches/CVE-2015-3146.patch: fix state validation in
      src/client.c, src/server.c, src/buffer.c.
    - CVE-2015-3146
  * SECURITY UPDATE: weakness in diffie-hellman secret key generation
    - debian/patches/CVE-2016-0739.patch: fix bits/bytes confusion bug in
      src/dh.c.
    - CVE-2016-0739

 -- Marc Deslauriers <email address hidden> Tue, 23 Feb 2016 07:36:38 -0500

CVE-2015-3146 null pointer dereference due to a logical error in the handling of SSH_MSG_NEWKEYS and KEXDH_REPLY packets
CVE-2016-0739 Weak Diffie-Hellman secret generation in libssh

Version: 0.5.2-1ubuntu0.12.04.4 2015-01-19 17:07:26 UTC

  libssh (0.5.2-1ubuntu0.12.04.4) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted kexinit packet
    - debian/patches/CVE-2014-8132.patch: properly set slots to NULL in
      src/kex.c.
    - CVE-2014-8132
 -- Marc Deslauriers <email address hidden> Wed, 07 Jan 2015 12:05:17 -0500

CVE-2014-8132 Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denia

Version: 0.5.2-1ubuntu0.12.04.3 2014-03-12 15:06:30 UTC

  libssh (0.5.2-1ubuntu0.12.04.3) precise-security; urgency=medium

  * SECURITY UPDATE: PRNG state reuse on forking servers
    - debian/patches/CVE-2014-0017.patch: force reseed after fork in
      include/libssh/wrapper.h, src/bind.c, src/libcrypto.c,
      src/libgcrypt.c.
    - CVE-2014-0017
 -- Marc Deslauriers <email address hidden> Mon, 10 Mar 2014 09:58:25 -0400

CVE-2014-0017 PRNG vulnerability

Version: 0.5.2-1ubuntu0.12.04.2 2013-01-28 20:06:37 UTC

  libssh (0.5.2-1ubuntu0.12.04.2) precise-security; urgency=low

  * SECURITY UPDATE: denial of service via NULL dereference
    - debian/patches/CVE-2013-0176.patch: properly handle client that
      doesn't send a matching key in src/server.c.
    - CVE-2013-0176
 -- Marc Deslauriers <email address hidden> Fri, 25 Jan 2013 13:43:46 -0500


Version: 0.5.2-1ubuntu0.12.04.1 2012-11-26 20:07:00 UTC

  libssh (0.5.2-1ubuntu0.12.04.1) precise-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    multiple double free flaws
    - debian/patches/CVE-2012-4559.patch: properly do frees in src/agent.c,
      src/channels.c, src/sftp.c.
    - CVE-2012-4559
  * SECURITY UPDATE: denial of service and possible code execution via
    multiple buffer overflows
    - debian/patches/CVE-2012-4560.patch: properly calculate sizes in
      src/misc.c.
    - CVE-2012-4560
  * SECURITY UPDATE: denial of service and possible code execution via
    multiple invalid free flaws
    - debian/patches/CVE-2012-4561.patch: don't use after free in
      src/keyfiles.c, properly zero structs in src/keys.c.
    - CVE-2012-4561
  * SECURITY UPDATE: denial of service and possible code execution via
    multiple improper overflow checks
    - debian/patches/CVE-2012-4562.patch: do proper overflow checks in
      src/buffer.c, src/dh.c, src/string.c.
    - CVE-2012-4562
 -- Marc Deslauriers <email address hidden> Thu, 22 Nov 2012 14:03:19 -0500



