UbuntuUpdates.org

Package "libssh2"

Name: libssh2

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • SSH2 client-side library
  • SSH2 client-side library (debug package)
  • SSH2 client-side library (development headers)

Latest version: 1.4.3-2ubuntu0.2
Release: trusty (14.04)
Level: security
Repository: universe

Links



Other versions of "libssh2" in Trusty

Repository Area Version
updates universe 1.4.3-2ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.4.3-2ubuntu0.2 2019-02-14 19:07:04 UTC

  libssh2 (1.4.3-2ubuntu0.2) trusty-security; urgency=medium

  * SECURITY UPDATE: Buffer overrun
    - debian/patches/CVE-2015-1782.patch: kex: bail out on rubbish in the
      incoming packet
    - CVE-2015-1782

 -- Mike Salvatore <email address hidden> Thu, 14 Feb 2019 09:23:46 -0500

Source diff to previous version
CVE-2015-1782 The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact vi

Version: 1.4.3-2ubuntu0.1 2017-02-22 02:06:47 UTC

  libssh2 (1.4.3-2ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: Generated secrets too short during key exchange
    (LP: #1664812).
    - debian/patches/CVE-2016-0787.patch: convert bytes to bits in random
      number generation. Based on upstream patch.
    - CVE-2016-0787

 -- Brian Morton <email address hidden> Thu, 16 Feb 2017 11:47:00 -0500

1664812 CVE-2016-0787
CVE-2016-0787 The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 improperly truncates secrets to 128 or 256 bits, which makes it easier for man-in



About   -   Send Feedback to @ubuntu_updates